Prove you’re secure with evidence, not promises
Cyber risk isn’t managed by tools alone. It’s managed by repeatable processes, clear ownership, and evidence that stands up to customers, auditors, insurers and regulators. The Process, Certification & Testing pillar helps you move from “we think we’re okay” to demonstrable assurance without drowning in paperwork.
Lockdown makes compliance and certification frictionless: we work with your internal IT team or MSP, translate requirements into practical actions, and help you build the policies, controls and testing evidence needed to pass scrutiny and maintain progress year after year.
Faster assurance
Answer questionnaires, tenders and audits with clear evidence, not last-minute scrambling.
Stronger governance
Turn frameworks into real accountability, ownership and repeatable ways of working.
Reduced compliance risk
Meet certification and regulatory expectations with proportionate, documented controls.
Measurable maturity
Show progress over time with audit-ready artifacts, testing and continual improvement.
Process, certification & testing
Common problems
Blocked by baseline security checks
“Customer or public sector work requires Cyber Essentials and we don’t know where to start.”
Without Cyber Essentials, you can lose contracts, fail onboarding, or get stuck in procurement.
Recommended solution: Cyber Essentials
We can’t evidence controls for SOC2
“Our US customer requires SOC 2 and we can’t evidence our controls in a structured way.”
Deals slow down when you can’t show consistent controls, monitoring, and evidence.
Recommended solution: SOC2
AI compliance and accountability gap
“We’re rolling out AI, but we can’t show governance, safeguards, or safe data use.”
AI creates new risks: data leakage, bias, uncontrolled outputs, and unclear accountability.
Recommended solution: ISO42001
Regulators want resilience evidence
“We need to meet DORA expectations for ICT resilience, testing, and supplier oversight.”
Regulated resilience requires clear governance, incident readiness, continuity testing, and third-party control.
Recommended solution: DORA
We don’t want to fail CE+
“We’re aiming for Cyber Essentials Plus, but we’re not confident we’ll pass the assessment.”
Gaps between what you think is in place and what the audit tests can cause failure and delays.
Recommended solution: Cyber Essentials +
Audit-ready ISO27001, not paperwork
“We want ISO27001, but it feels like a huge paperwork project with unclear ownership.”
Without a working ISMS, policies drift, audits feel painful, and assurance requests become reactive.
Recommended solution: ISO27001
We need an OT security standard
“Our OT / plant systems are fragile. We need an OT security standard we can evidence.”
Legacy OT is hard to patch, downtime is costly, and safety/service risk increases.
Recommended solution: IEC62443
NIS2 is coming - are we ready?
“NIS2 applies to us and we need to prove ongoing security and incident readiness.”
NIS2 raises expectations for risk management, reporting, and accountability.
Recommended solution: NIS2
Choose cyber security area
Not sure where to start?
Pick the closest match and we’ll help you choose the best-fit option.
Customer requirement
“We need to pass onboarding, questionnaires or procurement.”
Certification goal
“We want a recognised standard and audit-ready evidence.”
Regulatory / resilience
“We need to meet DORA or NIS2 expectations.”
Good to know
Not sure which one you need?
Tell us what you’re being asked for (customer requirement, tender, audit, insurer, regulator) and your timeline. We’ll recommend the fastest, best-fit route.
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment against five core controls. Cyber Essentials Plus adds independent validation with testing and evidence.
Do we need ISO27001 if we already have Cyber Essentials?
Not always. Cyber Essentials is a baseline and ISO27001 is a full information security management system (ISMS) for ongoing governance, risk management and continual improvement.
Is SOC2 only for US companies?
No. SOC2 is often requested by US customers, but it’s useful for any organisation that needs to evidence strong controls to buyers and partners.
How does ISO42001 help with AI risk?
It gives you a way to prove responsible AI: roles, policies, risk controls, data safeguards, monitoring and documentation across the AI lifecycle.
Is IEC62443 relevant if we’re “not a factory”?
If you have operational technology, building systems, IoT, or safety-critical operations, IEC62443 helps standardise OT controls and supplier responsibilities.
Do DORA and NIS2 replace certification?
No. They’re regulations. Certifications (Cyber Essentials, ISO27001, etc.) can help you evidence controls, but you still need the right governance, incident readiness and reporting processes.
Can you work with our MSP / internal IT team?
Yes. We translate requirements into practical actions and work alongside your IT partners to implement controls and produce audit-ready evidence.
How long does it take?
It depends on scope and current maturity. We’ll map your quickest path, prioritise the highest-impact fixes, and plan evidence collection around your deadline.
