Security Improvement Planning Services

Sapphire’s approach

Devising the most appropriate security strategy requires a full picture of risk, which in complex environments can be time-consuming and expensive to obtain. Even after understanding a specific risk, chief information security officers (CISOs) are faced with an array of controls, frameworks, and standards, which present a laundry list of requirements.

Sapphire provides clarity for senior security leaders, using a tested approach to define a path to security improvement connected to core business objectives. Working hand in glove with in-house teams, Sapphire can prioritise that path according to available resources and select the most appropriate controls to address risk.


Ensure your security strategy has a solid foundation with an in-depth assessment of posture and risk points to identify threats, highlight potential vulnerabilities and prioritise risk.

Map these risks directly to your business objectives to prioritise proposed investment in human and technological assets. This builds a business case that shows ROI, easing conversations with senior stakeholders.

Deliver a strategy that concentrates on the controls relevant to your organisation, while making the most of your resource spend.

Frequently Asked Questions

More than a risk assessment, a Security Improvement Programme (SIP) will help define a clear route towards maturing your strategy to allow for a process of continual improvement. This can include:

  • A better understanding of security posture and capabilities
  • Prioritising vulnerabilities and risk
  • Guidance on cyber security resources and investments
  • Plotting a path to improving existing controls
  • Helping to define an appropriate cyber security strategy

The SIP enables organisations to consider multiple security requirements and map them to business objectives to define a robust strategy that offers future guidance on spend, policy and procedural change.

It consists of several logical phases, starting with internal and external reviews using our Consultancy Services and Technical Services teams. This includes a gap analysis, compliance review, and deployment of non-intrusive technology, enabling us to report and present findings and recommendations for security improvement.

The Security Improvement Programme can cover various cyber security controls within your business. Available services include:

  • Gap Analysis
  • Security Compliance Review
  • External Security Testing
  • Systems Vulnerability Assessment
  • Malware Protection
  • Threat Analysis Review
  • Perimeter Policy Review
  • Incident Response Readiness Review
  • Phishing Awareness Testing
  • Wireless Assessment
  • Physical Security Audit
  • CE+ Pre-assessment
  • Technical Workshop

Established in 1996, Sapphire’s services range from data forensics to penetration testing and security consultancy. The company is a member of the CREST, Tiger, and NCSC CHECK schemes, and it is ISO 27001 certified.

The Security Improvement Programme team employs skilled specialists to help organisations plot a course to security maturity, something we have done for some of the largest organisations in the UK.