Relatable Security

Security leadership that builds trust and keeps growth moving

We help you reduce risk without slowing delivery, with pragmatic support for audits, teams, and product decisions.

Talk to us Browse our resources

How can we help?

I'm a how can you help me...
Certification planning and compliance support

Help us achieve certification without creating bureaucracy

Pragmatic support for ISO 27001, Cyber Essentials, DSPT, and similar frameworks.

Learn more Strategic security leadership and advisory support

Give us senior security leadership without hiring a full-time CISO

Flexible advisory support for organisations that need direction, prioritisation, and confidence.

Learn more Team capability and culture development

Build stronger habits, awareness, and team capability

Awareness, leadership, and culture support that improves day-to-day behaviour rather than just training records.

Learn more

Feedback from our clients

As a result of their thoroughness and in depth knowledge of all things ISO, not only did we receive the certification, but more importantly, genuinely improved our information security, processes and procedures, bringing long term value to the business. They also ran the internal audit, with even the external auditors commenting on how thorough and valuable it was. They were a pleasure to work with and I would not hesitate to recommend their services.

Paul Bone, Dubit Limited

The approach to internal audits is particularly good. Instead of one big audit that we used to see, they have broken down the internal audit into areas of the business and tool controls, clauses applicable and audited them separately – so about 8 audits done which covers everything well for different business areas. Very nice approach.

ISO 27001 external auditor, External audit company

Mel and Kit were invaluable in ensuring that we passed the audit and received their ISO 27001 certification at the first time of asking. They clearly explained the whole process, with timelines to ensure that we could plan time and budgets accordingly. They provided detailed advice at every stage, were hands on when needed, but ensured that we transitioned to self sufficiency through the process so there was no long term dependency created.

ISO 27001 Client, Software development company

Recent thoughts

Illustration of connected cloud services representing data sub-processors
Compliance Risk Management

What are sub-processors, and why should you care?

Melissa George

Written: 1st April 2026

Author: Melissa George

Most organisations know who their data processor is. Fewer think about who that processor relies on to deliver the service - the hosting provider, the email platform, the analytics tool sitting quietly in the background.

Under UK GDPR, those organisations are sub-processors, and understanding them is part of your responsibility as a controller. This article explains what sub-processors are, what the law requires of both controllers and processors, and the practical questions you should be asking before you sign - or renew - a contract.

Understand sub-processors risk