Cybersecurity · Security Risk Assessment & Audit
Know your real risks before someone else finds them.
Risk assessments, gap analysis, ISO 27001 and SOC 2 prep, penetration testing.
Overview
Why this exists
Security work is full of theatre. Generic policies sit in folders no one reads, and the threats that actually matter — credential reuse, exposed admin endpoints, an ex-employee with a live API key — never make it onto the agenda. The first time anyone takes a real look is usually after the breach.
What we do
We assess your business against the threats that actually apply to it. Asset inventory, attack-surface mapping, technical review of cloud and applications, policy and process review, and where useful, focused penetration testing. The output is a prioritised list of risks scored by likelihood, impact and cost to fix.
How we work
Senior, hands-on consultants — no junior auditors with a checklist. Engagements are fixed-scope and time-boxed, with a written report your team can act on and a board-ready summary for whoever signs the cheque. Where you need to align with ISO 27001 or SOC 2, we map findings to the relevant controls so the work counts twice.
Frequently asked
Questions we get a lot.
How long does a project take?
Automation and dashboard work typically lands in 4 to 8 weeks. Platform builds usually run 3 to 6 months depending on scope.
How are projects scoped?
Projects are scoped around outcomes rather than billed loosely by the hour. The proposal covers scope, timeline, and commercial terms before delivery begins.
Do you work internationally?
Yes. Radley Labs works remotely with businesses in the UK and internationally.
Can you take over an existing project?
Yes. We can step into a build to rescue, extend, or complete work that is already underway.
Do you offer support after launch?
Yes. We offer ongoing support for monitoring, fixes, and further development after delivery.
Get started
Discuss a Security Risk Assessment & Audit project
Tell us what you're working on and we'll scope the shortest path to a live Security Risk Assessment & Audit engagement.