FCA and ICO ready
MFA, audit logging, endpoint EDR, email DMARC, and DLP configured to the expectations of the FCA SYSC handbook and the ICO accountability principle.
Industries
IT built for the audit, not around it.
Managed IT and security for UK financial services firms: IFAs, wealth managers, accountants, payment businesses and fintechs. FCA and ICO requirements treated as the baseline, not the aspiration.
Why financial services?
Because an ordinary MSP will not pass your audit.
Generic managed IT is good enough for most UK SMBs. It is not good enough when your client agreement has an ICO clause, your PI insurer wants a Cyber Essentials Plus certificate, and the FCA can walk in next quarter.
We run the stack every regulated firm eventually lands on. MFA enforced, conditional access, endpoint EDR, email DMARC to reject, DLP on client data, and monitored 24/7 by a real SOC. Then we keep the evidence pack current so audit day is boring.
Audit, ready Request a sample evidence pack
Controls your regulator will recognise on sight.
The FCA, PRA and your auditor all want the same things: evidence, segregation, recovery. We bake those controls in from day one and keep the paper trail current.
For operations
- Conditional access on every identity
- Privileged access reviewed quarterly
- Immutable backups, tested recovery
- Patching inside 72 hours for criticals
For the audit
- Control evidence exported on demand
- Change logs, access reviews, incident records
- Board-ready risk and posture reports
- Mapped to CE+, ISO 27001 and FCA guidance
Audit export complete 10:21
Q1 access review, backup verification and change log exported. 0 findings.
Controls in place, continuously enforced
147
Our baseline
What every financial services client runs, by default.
The controls you need, without the business-case debate. Included in the service.
Data classification and DLP
Microsoft Purview sensitivity labels, DLP policies on client data and payment information, automated retention and disposal.
24/7 monitored tenants
Huntress MDR on every endpoint, Microsoft 365 sign-in and mailbox watch, and written incident reports when anything trips the wire.
Evidence for audit
Quarterly control evidence packs for ISO 27001, SOC 2, ICO assessments and insurer questionnaires. Zero scramble on audit day.
Joiner, mover, leaver controls
HR-integrated provisioning. New hires have accounts, laptops and MFA on day one. Leavers are offboarded and audited within the hour.
Regulated workstations
Intune-managed laptops with drive encryption, USB control, BitLocker recovery held, and automated patch within 72 hours of release.
Client quote
"They passed our insurer questionnaire, our FCA inspection and our SOC 2 audit without a single finding in IT. First time in four years."
Head of Operations, Midlands-based IFA
Alignment
Mapped to the frameworks auditors actually check.
FCA SYSCUK GDPR and ICOPCI DSS (if taking card)Cyber Essentials PlusISO 27001 alignment
Free · no slide deck
Audit coming up? Let us walk the controls with you.
30 minutes with our engineer and compliance lead. We will look at your current state against the regulatory baseline and give you a written list of the three things to fix before the inspector arrives.