Named senior security leader
A named QMC4 Cyber leader as your fractional or interim CISO. Same person every meeting, present at the leadership table, accountable for delivery.
A senior security leader on retainer — without the senior security leader's salary.
Counsel sits alongside your leadership team and does the work a CISO would do. We translate cyber risk into language your board, your insurer and your auditor can act on, and we deliver the certifications, board papers and procurement responses that the rest of the business needs you to produce.
End-to-end delivery — readiness assessment, remediation, audit support, certification. We carry the work, you sign it off.
A right-sized ISMS for the size of your business — not the consultancy theatre version. Audit-ready documentation, internal audit support, certification path when you need it.
Security questionnaires, supplier-due-diligence responses, RFP security sections. We answer them in your voice, with the evidence to back the answers.
Underwriter questionnaires get harder every year. We answer them honestly, evidence the controls, and pre-empt the questions your broker will not have time to ask.
Two pages, plain English, designed to be read aloud at a board meeting — risks, posture, next quarter. The same document your insurer and auditor recognise.
Understand your business, your contractual obligations, your regulators, your risk appetite. The first 30 days are listening, not delivering.
A 12-month roadmap mapped to NCSC CAF and NIST CSF, sized to what your business can actually absorb. Signed off by your leadership team.
Deliver against the roadmap month by month — certifications, policies, board papers, procurement responses. Monthly progress, quarterly board paper.
When an incident, audit or questionnaire arrives, we lead the response — with the rest of QMC4 Cyber on the technical side if you have other services with us.
Board papers your CFO can read aloud without a translator. Policies your team can actually follow. Audit evidence that survives the first hour of scrutiny.
NCSC Cyber Assessment Framework, NIST CSF, ICO guidance, Cyber Essentials. The frameworks your regulators and clients reference, not a generic compliance map.
If you also run Sentinel or Identity, the team writing your board paper sees what's happening on your network. There is no translation layer between governance and operations.
Typical retainers run 1, 2, 4 or 8 days per month, sized to where you are in your security maturity. We can flex up around audits, certifications and incidents.
Yes — Counsel is often used as an interim CISO between hires, or as a permanent fractional CISO for businesses that do not yet need a full-time post.
Where contractually appropriate and with named accountability, yes. We will sign Cyber Essentials submissions, ISO 27001 documentation, and board-level security statements that fall within scope of the retainer.
Yes. Counsel is fully useful on its own. It often becomes the first service a client takes, with operational services added as the maturity case strengthens.
Send us a copy of your most recent board-level security paper (or describe what your board sees today). We will give you 30 minutes of honest feedback, and a sample of the format Counsel produces.