Keep your cybersecurity updated and ready
Once your ISMS is in place, the real work begins. Maintaining compliance, improving maturity, and keeping teams aware, all while preparing for audits and adapting to new risks, takes time and expertise.
Cingulum’s Cybersecurity Maintenance gives your organisation the ongoing support it needs to stay compliant and confident. Modular, expert-led, and designed around your reality, not ours.

What is Cingulum’s cybersecurity maintenance?
Our cybersecurity maintenance solution supports the ongoing governance of your ISMS, including:
- Continuous alignment with ISO 27001/CyberFundamentals and, where relevant, TISAX, DORA or SOC2
- Policy lifecycle management and audit preparation
- Awareness training, phishing simulations, and internal campaigns
- Optional platform support via Responsum for transparent collaboration and tracking
- Tailored modules that grow with your needs
How does it work?
Our governance support follows a modular structure, giving you the flexibility to scale support based on your needs.
Each module is led by a dedicated team of consultants who ensure tangible results. You stay in control of the scope while we deliver the structure, discipline, and technical depth to keep your ISMS effective over time.
Every engagement begins with the Basic Governance module. This is the foundation of your ISMS maintenance and includes quarterly management reviews, updated documentation, and internal preparation for audits. It ensures your system remains aligned with your chosen standards, and that your leadership has a clear view of your organisation’s security posture.
From there, you can add additional modules based on the complexity of your environment, regulatory exposure, or internal capacity:
The Policy Review System helps you manage and revise policies on a structured, rotating schedule. For many organisations, this follows a three-year cycle and ensures nothing slips through the cracks.
Security Awareness focuses on keeping your employees informed and alert. This includes hands-on awareness campaigns, e-learning modules, and phishing simulations tailored to your risk landscape.
With Vulnerability & Pen Testing, we bring in trusted specialists to test the real-world resilience of your systems. This includes technical scanning as well as optional in-depth penetration testing — with clear, actionable reporting.
Finally, if you need ongoing strategic or operational leadership, our CISO/ISO-as-a-Service modules provide experienced experts who guide your organisation and handle day-to-day ISMS governance.
Who is it for?
- Organisations certified or verified under ISO 27001, CyberFundamentals, or operating in scope of NIS2
- Teams that need ongoing cybersecurity governance without internal overhead
- Companies preparing for audit or re-certification cycles
- Businesses seeking continuity, not one-off consulting
Whether you’re a growing SME or a multinational operating across borders, we scale to fit your needs.
Why choose Cingulum?
Tailored, not templated.
Our modular setup means you only take what you need. We adapt to your organisation’s size, sector, and maturity, without forcing unnecessary scope.
Flexible support, as you grow.
Need strategic leadership or operational bandwidth? You can scale up with CISO or ISO-as-a-Service at any point, without restarting your governance approach.
One partner, multiple angles.
We combine legal and technical expertise in one team, so you don’t need to bridge that gap yourself. Whether it’s policy, compliance, or architecture, we speak the language.
Frequently Asked Questions
We align our support with your organisation’s certification or review cycle, which is typically 1 to 3 years. The intensity of our involvement depends on your size and the modules you select.
As a reference:
- For organisations with fewer than 50 employees, each module generally requires between 6 and 18 days per year
- Between 50 and 250 employees, this increases to 7 to 24 days per year
- For larger organisations up to 1000 employees, you can expect 10 to 33 days per module per year
No. Only the Basic Governance module is mandatory as this forms the foundation of our support. The other four modules are entirely optional and can be added based on your needs, internal capabilities, or compliance goals. Many clients start small and expand over time.
Yes. Our service is built to be flexible. If your needs change (for example, you gain internal capacity, face a new audit, or fall under new regulatory scope), we can adjust the support accordingly. You’re not locked into a fixed package.
We work with organisations of all sizes, from scale-ups looking to mature their ISMS, to larger enterprises maintaining multi-standard compliance. If you’re ISO 27001 or CyberFundamentals certified (or planning to be), this solution is likely a good fit.
Yes. While we recommend RESPONSUM for its efficiency and alignment with our methodology, we are tool-agnostic. If you already have a GRC or document management system in place, we’re happy to work within your environment.
Each module comes with specific outputs: updated policies, meeting reports, awareness campaign materials, scan reports, or management-ready strategic reviews. This depends on the scope. You’ll always know what to expect and when.
Absolutely. Whether you have an ISO 27001 external audit coming up, or a client requiring proof of compliance or maturity, we can tailor our efforts accordingly. Preparation support is a core part of our Basic Governance module.
Ready to strengthen your ISMS?
Security is not a project. It’s a posture and we help you hold it.
Let’s talk about how Cingulum can support your governance efforts in a way that’s pragmatic, structured, and sustainable.