One Framework.
Multi-Standard Alignment

The CyberDomain Unified Control Framework assesses your security maturity across ten domains — and maps that maturity against the standards your clients, insurers, and auditors care about

Get Your Free Risk Assessment

See How It Works

What It Measures

Maturity, Not Checkbox Compliance

The UCF measures how well your current security posture aligns to the intent of recognised frameworks — giving you an honest, evidence-based picture you can act on.

An important distinction: the UCF models alignment and maturity — not formal certification. A strong score shows you’re building the right foundations and gives you a credible evidence base for insurance renewals, client assurance, and formal certification programmes. It does not replace accreditation by the relevant standards body.

Standards Coverage

Aligned to the Frameworks That Matter

Each UCF domain is mapped to the standards most relevant to UK SMBs. One assessment — one maturity picture — aligned across all of them.

ISO 27001 NIST CIS18 Cyber Essentials NCSC 10 Steps

Rather than implementing each standard separately, the UCF gives you a single programme that shows your degree of alignment to all of them — eliminating duplication, reducing cost, and giving you a consistent picture to share with any stakeholder.

The Ten Domains

What We Assess

Every assessment covers all ten domains, scored independently so you can see exactly where your strengths and gaps are.

01 · RISK
Risk & Governance
Oversight, accountability, and leadership engagement with cyber risk.

02 · ENGAGE
Engagement & Training
Security awareness, staff behaviour, and human-factor risk reduction.

03 · ASSET
Asset Management
Visibility of systems, devices, and data — and who owns them.

04 · ARCH
Architecture & Configuration
Secure system design, configuration baselines, and change control.

05 · VULN
Vulnerability Management
Patching, weakness identification, and remediation of known risks.

06 · IAM
Identity & Access Management
Who can access what, privilege controls, and account lifecycle management.

07 · DATA
Data Security
Protection, classification, retention, and recoverability of business data.

08 · MONITOR
Logging & Monitoring
Detection of suspicious activity, alerting, and security event visibility.

09 · INCIDENT
Incident Management
Response procedures, recovery capability, and post-incident learning.

10 · SUPPLY
Supply Chain Security
Supplier risk, third-party access controls, and vendor security expectations.

See It In Action

Find Out Where You Stand Across All 10 Domains

Your free assessment covers every domain and returns a clear maturity picture — in plain English.