We are a leading, global integrated cyber security service provider delivering great value to clients. As a group of companies, we provide a range of products and services to address the cyber security governance, risk management and compliance requirements of organisations to enable them to meet the commercial requirements and regulatory standards that are now in force, or are coming into force, in jurisdictions across the world.
Our group is split into three divisions of services and products.
The Group sells classroom-based training courses related to data protection, cyber security, ISO 27001 certification and related topics. In addition to “in person” based training, the Group also provides online training, e-learning courses, and examinations that are required to obtain certification.
The courses range from one to five days in length and are held in our new COVID-secure training centre with its integrated “Learn From Anywhere” capabilities, and online. Most delegates attending courses are doing so as part of their employment and at their employer’s expense. The Group can also provide bespoke courses at customers’ premises for organisations who require training for a number of their employees. The courses are aimed at a various different areas of IT governance and at different skill levels. In relation to ISO 27001 for example courses range from an introduction to ISO/IEC 27001 through to becoming a lead implementer or lead auditor.
Prior to April 2017 courses were predominantly held in the UK although there were a number of overseas delegates on UK courses and other courses were held via a live webinar to a domestic and international audience. Since April 2017 the Group has held courses in Eire, France, Belgium, the Netherlands, Sweden, Denmark, Germany, Italy and the USA. Since COVID-19 has struck, we are proud to have massively increased our online offering, with all courses now available for delegates to learn online and from the comfort of their own homes.
- Instructor-led classroom training fill rates up from 54% in April 2019 to 84% in February 2020.
- 2,800 classroom delegates trained across a portfolio of 28 GRC qualifications.
- Self-paced learning sales, at £329k, were up by 700% since FY 19
Professional Services Division
The Professional Services Division was established as a result of requests from delegates at training courses for practical assistance in designing and implementing data protection and cyber security policies and procedures for their businesses. The range of consultancy services and products supplied by the Group has grown over the years to meet the demands of clients. The consultancy services provided by the Group include (i) GRC Consultancy; and (ii) Technical Services.
- GRC Consultancy consists of DQM GRC and GRCI Law. These companies provide on-site and remote support helping organisations to design and implement data protection and cyber security policies and procedures, including ongoing compliance with GDPR, Privacy By Design, and achieving and maintaining ISO 27001 certification.
- Technical Services provides a range of services and products including:
- Penetration testing, where the Group carries out an authorised simulated attack on a customer’s IT systems to test the effectiveness of the systems and procedures and to identify any weaknesses; and
- PCI DSS assessments, the Payment Card Industry Data Security Standard applies to all organisations worldwide that transmit, process or store payment card data. The PCI DSS requires such organisations to have their data protection and cyber security systems tested regularly.
- Cyber Essentials certification and consultancy, where the Group provides an accredited certification service through an online portal that helps organisations of all sizes become certified to the UK government’s Cyber Essentials scheme.
Professional Services Highlights:
- Cyber security consultancy revenue had approximately doubled as a percentage of total revenue between Q1 FY19 and Q2 FY20
- FY20 Cyber security consultancy revenue up 22% on FY19
- IT Governance UK Consultants in FY20 operated at an average 72% utilisation to deliver 2,176 days of consultancy, starting 536 engagements during the year and completing 448. The split of new projects was
- PCI DSS 45
- Penetration Testing 196
- ISO 27001, GDPR, other GRC 295
- GRCI Law and DQM GRC continue to trade profitably
The Group sells books, documentation templates and software via its websites, both those it publishes or writes itself and those supplied by third parties.
Most of the books sold by the Group relate to how businesses should manage their IT risk exposures or standards published by various bodies. The Group commissions authors to write books on subjects where on the basis of feedback from clients or knowledge of the markets in which the Group operates they believe there will be demand. The Group also sells titles published by third parties including; IEC , the British Standards Institution; the Stationary Office; John Wiley; ISACA; Van Haren and Rothstein.
In addition, the Group creates and sells documentation templates that are used by customers to assist them to document their IT systems and procedures.
The Group also creates and sells software solutions through its subsidiary, Vigilant Software Ltd, which also forms part of the SaaS Division. One of the Vigilant software tools, VsRisk, provides a program for identifying and recording management decisions relating to the information security risk levels within an organisation’. The Group has also developed two more recently launched software offerings: a compliance management tool and a data flow mapping tool.
The majority of the SaaS Division’s sales are online and require limited human intervention. The Group generates sales through the use of key words and a limited amount of “pay per click” advertising through online search engines.
- 1,683 Cyber Essentials certifications in FY20, with H2 UP 57% on H1 FY20.
- Staff awareness training (e-learning) client profile changing from a high number of small clients to smaller number of larger, more committed organisations and the overall number of users of our Learning Management System (LMS) is up by 20% in H1 vs H2 FY19