Foundation Security Advisory from Razorthorn Security

Most growing businesses know they should be doing more about security but do not have the budget or headcount to build an internal security function. The result is that security gets managed by IT on the side, gaps go unnoticed and the first time anyone pays proper attention is when something goes wrong.

Razorthorn’s Foundation Security Advisory gives you access to senior level security expertise on a predictable monthly retainer. You get quarterly advisory sessions with a senior consultant, an annual external penetration test, regular vulnerability monitoring, a Defence in Depth review, compliance guidance and a clear roadmap for improving your security over time.

Razorthorn has been providing cybersecurity consultancy since 2007. Because we are a specialist consultancy rather than a generalist IT provider, your advisory sessions are led by people who do this work every day across organisations of all sizes. When your roadmap calls for something beyond advice, whether that is a penetration test, a compliance assessment or a managed security service, the capability is already here – you do not need to find another supplier.

Book a Free Consultation

Please leave a few contact details and one of our team will get back to you.

What is included in Foundation Security Advisory?

Quarterly security advisory session

A structured session with a senior Razorthorn consultant each quarter. This is where you review your security position, discuss any concerns or changes in your environment, assess progress against your roadmap and agree priorities for the next quarter.

Annual external penetration test

A CREST certified penetration test of your website and perimeter infrastructure carried out once a year. You receive a full report with prioritised findings and remediation guidance.

Cybersecurity Defence in Depth Review and Advisory

A structured review of your security controls across multiple layers, looking at how your defences work together rather than in isolation. Your consultant assesses whether you have appropriate controls at each layer and advises on where to strengthen.

Quarterly vulnerability exposure monitoring

Monitoring of your website and perimeter infrastructure each quarter to identify external vulnerabilities before they become incidents. Findings are reviewed by your consultant and fed into your security roadmap.

Security roadmap and prioritised improvement plan

A practical plan for improving your security over time, with clear priorities based on risk. Your roadmap is reviewed and updated each quarter so it always reflects your current position and the most important next steps.

Compliance guidance

Guidance on compliance with PCI DSS, ISO 27001, Cyber Essentials, DORA and NIS2. Your consultant helps you understand which requirements apply to your organisation and what you need to do to meet them, without needing to interpret the standards yourself.

Email access to the Razorthorn advisory team

Between quarterly sessions, you have email access to the Razorthorn advisory team for security questions, guidance and advice. When you need an answer, you have a team to ask.

How much does Foundation Security Advisory cost?

Small Business

Small Business

Under 50 seats

£1,995 per month

Medium Business

Medium Business

50 to 200 seats

£2,995 per month

Large Business

Large Business

200+ seats

Contact us for pricing

How does Foundation Security Advisory compare to Razorthorn’s other services?

Foundation Security Advisory is designed as a starting point for organisations that do not yet have dedicated security leadership or an ongoing security programme. If your needs grow beyond what this package covers, Razorthorn offers two more comprehensive retained services:

CISO as a Service

CISO as a Service provides strategic security leadership on a monthly retainer. Your consultant sets the security direction, manages risk, reports to the board and oversees your security programme. Packages start from £2,495 per month

Dark gray circular badge reading 'CONTINUOUS SECURITY ASSURANCE'

Continuous Security Assurance provides a full operational security programme including continuous threat exposure management, annual pentesting, identity review, supplier assessment, architecture advisory, incident support and monthly reporting. Packages start from £4,495 per month.

Frequently asked questions about CISO as a Service

What is Foundation Security Advisory?

Foundation Security Advisory is a managed security retainer from Razorthorn Security designed for SMEs that do not yet have an internal security function. It includes quarterly advisory sessions, annual penetration testing, quarterly vulnerability monitoring, a Defence in Depth review, compliance guidance and a security roadmap, all delivered by a senior consultant on a monthly retainer.

How much does Foundation Security Advisory cost?

The Small Business package for organisations with under 50 seats is £1,995 per month. The Medium Business package for 50 to 200 seats is £2,995 per month. Large Business pricing for 200+ seats is available on application. All packages include every service.

What size organisation is Foundation Security Advisory designed for?

SMEs that need expert security guidance but do not yet have a dedicated security function. Typically that means growing businesses where security is currently managed by IT alongside other responsibilities, and where the organisation has reached a point where that approach is no longer sufficient.

What does the quarterly advisory session cover?

Each session reviews your current security position, discusses any changes in your environment, assesses progress against your security roadmap and agrees priorities for the next quarter. Sessions are led by a senior Razorthorn consultant.

What does the annual penetration test cover?

The annual penetration test covers your website and perimeter infrastructure. It is an external test carried out by CREST certified testers. You receive a full report with findings prioritised by severity and practical remediation guidance.

What is a Defence in Depth review?

A Defence in Depth review assesses your security controls across multiple layers to evaluate how your defences work together. Rather than looking at individual controls in isolation, it examines whether you have appropriate protection at each layer and where gaps exist.

What compliance frameworks does the service cover?

Compliance guidance covers PCI DSS, ISO 27001, Cyber Essentials, DORA and NIS2. Your consultant helps you understand which requirements apply and what you need to do to meet them.

Can I contact Razorthorn between quarterly sessions?

Yes. All packages include email access to the Razorthorn advisory team between scheduled sessions. If you need more regular access, CISO as a Service offers monthly, fortnightly or weekly sessions.

How is Foundation Security Advisory different from CISO as a Service?

Foundation Security Advisory is a lighter touch service with quarterly advisory sessions, designed for organisations at an earlier stage of security maturity. CISO as a Service provides more frequent and hands-on strategic security leadership, with monthly, fortnightly or weekly sessions, board reporting, risk register ownership and deeper governance involvement. Foundation Security Advisory is the starting point. CISOaaS is the next step up.

Can I upgrade to a more comprehensive service later?

Yes. Many organisations start with Foundation Security Advisory and move to CISO as a Service or Continuous Security Assurance as their security maturity develops or their requirements grow. Your consultant can advise on when the time is right to step up.

Looking for related services?

CISOaaS works alongside several of our other services to build a complete security programme:

CISO as a Service
Continuous Security Assurance
Penetration Testing
Managed Vulnerability Scanning
Cybersecurity Review

Follow Us