Governance and Compliance

Evidence-led assurance for certification, cyber controls, standards, and secure builds.

Support for organisations seeking Cyber Essentials certification, optional readiness checks, CIS compliance across endpoints, servers, cloud environments and tenants, or evidence for supplier, audit, and internal governance requirements.

Assurance areas

Governance support with technical depth

Cyber Essentials certification

Certification support for scoped organisations, including submission guidance, evidence review, and remediation advice where required.

Optional readiness checks

Pre-assessment review of scope, technical controls, evidence, and likely gaps before formal Cyber Essentials submission.

Build reviews

Assess servers, endpoints, cloud platforms, and network devices against agreed secure build standards.

CIS compliance

Map endpoint, server, cloud environment, and tenant configurations to applicable CIS Benchmarks, including gaps, exceptions, and compensating controls.

Control evidence packs

Prepare evidence for audit, customer assurance, supplier onboarding, and internal governance stakeholders.

Remediation planning

Prioritise control gaps and provide practical actions for technical owners and risk owners.

Compliance confirmation

Provide a clear summary of reviewed controls, current state, residual risk, and recommended next steps.

What it is

Governance and compliance work helps convert technical controls into evidence that can support certification, supplier assurance, audit activity, and internal risk management decisions.

Who it is for

Suitable for organisations seeking Cyber Essentials certification, preparing for supplier due diligence, validating CIS alignment, or needing a clear view of control gaps across endpoints, servers, cloud environments, and tenants.

Useful outputs

  • Certification and readiness evidence
  • CIS gap mapping and exception tracking
  • Risk-based remediation priorities
  • Control summaries for stakeholders

Prerequisites

Gather the right evidence before review

The prerequisite pack covers Cyber Essentials certification scope, optional readiness evidence, CIS benchmark inputs for endpoints, servers, cloud environments and tenants, management console exports, and known risk exceptions.

Governance and compliance prerequisite pack

PDF checklist for certification scope, control evidence, build review inputs, CIS mapping, and compliance confirmation.

FAQ

Governance and compliance questions

What does Cyber Essentials certification support include?

Support can include scope review, evidence preparation, control guidance, remediation advice, and assistance with the certification process.

Is readiness work required before certification?

Readiness is optional, but it is useful where scope is unclear, technical controls need review, or the organisation wants to identify likely gaps before submission.

What can CIS compliance cover?

CIS alignment can cover endpoints, servers, cloud environments, and tenants. Reviews map current configuration against relevant benchmarks and identify gaps or exceptions.

Are build reviews included in this service?

Yes. Secure build reviews sit under Governance and Compliance and can assess servers, endpoints, cloud platforms, and network devices against agreed standards.

Can outputs support supplier assurance?

Yes. Outputs can be shaped for audit, supplier questionnaires, customer assurance, internal governance, and remediation planning.