The ECSC ASSURE division provides a wide range of consultancy and testing services to support your information and cyber security development, certification and ongoing management.



We offer a wide range of security testing services, including:

  • Annual external and/or internal penetration testing
  • Specific application penetration testing
  • Code auditing
  • Social engineering testing

Find out more

ISO 27001

If you aren't already certified, then our consultants prepare you for your UKAS/ANAB accredited certification body assessment. If you are already certified, or following a successful certification project, we can help you manage and maintain your Information Security Management System.

Find out more

Cyber Essentials

Cyber Essentials is a cyber security standard introduced by the UK government that aims to provide organisations of all sizes with basic, cost-effective protection against the most common Internet-based threats.

ECSC is a Certifying Body for the Cyber Essentials programme; this means we can conduct your assessment, report the outcome to the Accreditation Body (CREST), and ultimately, issue the certificate when you pass.

Find out more

Cyber Security Review

ECSC's Cyber Security Review is designed to assess the key aspects of your IT security related infrastructure, processes and technical management capabilities, and balance these against the cyber threats that are most relevant to your business.

An ECSC Cyber Security review utilised three essential components, all unique to ECSC:

  • ECSC Cyber Security Priorities - areas of IT security protection that DIRECTLY impact on your risks of a serious cyber security breach.
  • ECSC Cyber Security Matrix - a scoring tool covering your current capability and the risks that your organisation faces.
  • ECSC Cyber Security Quadrant - an Executive level reporting system that gives management a clear picture of your current position and enables resource decisions.

Find out more


As Qualified Security Assessors (QSAs), our role is to:

  • Help you understand your Payment Card Industry Data Security Standard (PCI DSS) compliance obligations and options
  • Support you through a development programmed to deploy compliant systems (and remove others from scope)
  • Assess you against the standard, either as a Merchant reporting to your bank, or as a Service Provider.

We also support clients to compliance following a breach of card data.

Find out more

Sign Up

Sign Up For the Latest News, Briefings & Announcements

To understand how ECSC Group plc may use your email address, please view our policy on Privacy and Cookies by clicking here

ECSC Group plc

ECSC has almost two decades' experience in the design, implementation and management of IT security solutions.

Reg No. 3964848

VAT No. 746361914


28 Campus Road
Listerhills Science Park
United Kingdom

+44 (0) 1274 736 223