A comprehensive range of Assessments that inform planning and decision-making.

The primary objective of carrying out assessments is to provide interpretative intelligence and ensure the availability of suitable insight to inform planning and decision-making activities.

Assessments are used to define a current status; often informative in its own right, but also, comparing the findings of an assessment with the desired, longer-term outcome is useful for identifying improvement targets or development areas, as well as prioritising resources and expenditure. Sharing an assessment with stakeholders can also be a powerful tool for improving engagement on a project and driving operational development.

We have an extensive range of Assessment options, but the core areas of activity are:

  • Technology Maturity Assessment
  • Network Vulnerability Assessment
  • Security and Enterprise Risk Assessment
  • Cyber Maturity Assessment Threat Assessment
  • Threat Assessment
  • Vulnerability Assessment
  • Security Status Assessment
  • Operational Performance Assessment
  • Security Needs Assessment
  • Vendor Assessment

Trust in our experience, recognised industry wide

What we do?

Our Approach

CornerStone's comprehensive range of Assessment services provides the insight and intelligence to inform a range of decision making activities. By establishing the current status we can go on to produce a Gap Analysis that defines the difference between the current situation and the desired destination. It can also be used to establish the position from which development can occur. We will seek to establish applicable standards that will influence our assessment scope or define with the project Stakeholders a completely bespoke range of activity that matches our clients needs. Our 'Risk' related Assessments are built on a framework of ISO 31000 methodology but will also encompass other relevant standards applicable to the subject. IT and Cyber Risk assessments may use ISO 27001 to inform their scope and may encompass the NIST Cyber Security Framework along with a number of other Cyber related standards. Our process is flexible and our areas of expertise broad enough to enable us to deliver a comprehensive set of Assessment Services that deliver value, either as a one-off activity or as part of a broader project.

Risk Assessment

By specialising in both Security Risk Management and Security Engineering we are able to offer a uniquely integrated process that ensures we are able to deliver a truly joined-up service.

Threat Assessmentt

Threat Assessments provide an understanding of a broad range of hazards that have the capability and motivation to exploit any vulnerabilities that may exist

Vulnerability Assessment

The Vulnerability Assessment offers highly actionable insight into the weakness and gaps that may exist in your current defences. It's often delivered in conjunction with Risk and Threat Assessment Services

Security Status Assessment

Improve levels of preparedness and resilience using a Security Status Assessment as the initial step on a broader improvement pathway while optimising existing resources


SABRE a security risk management standard for new and existing buildings, infrastructure assets and managed space. The scheme provides industry with a framework that can be used during the design, construction and operation of assets to achieve better security outcomes and return on investment.

Security Needs Assessment ‘BREEAM Hea 06’

The purpose of the SNA is to aid decision-making and allow the identification and evaluation of security recommendations or solutions. CornerStone have a team of Suitably Qualified Security Specialists(SQSS) available to help you through the process

Why choose us?

CornerStone has pioneered the development of contemporary security risk management practices over many years. Our Unified Security Risk Management® model provides a truly joined-up and inclusive way of addressing some of the trickiest security challenges. Through the development of a deep understanding of security risk we have established how its identification, quantification and mitigation can be utilised to improve an organisation’s security posture, reducing risk levels whist improving business resilience and preparedness. From our London HQ we work with clients around the world, helping them to achieve their security objectives. We have the experience and the know-how to deliver outstanding results across all areas of business, Public Sector and Government.

We deliver outstanding solutions to world-class clients

Customer service is embedded in everything we do. When your client list includes many of the world’s leading companies your standards must be high. The ongoing investment we make in our unique delivery process and our commitment to professional development is all about providing excellence at every stage and ensuring that we deliver outstanding results.

We have a holistic approach

Our unique, holistic approach has been developed to align with the modern business environment we operate within. It recognises the need for joined-up, inclusive solutions that are not limited to a particular security silo. We have the expertise and experience to deliver exceptional results across the full spectrum of risk and security consulting services. 

We deliver value

Our clients recognise that above all else we deliver value for their investment. That is why 92% of our client engagements over the last 10 years have led to us providing them with additional services. It is the value we deliver that keeps our ‘approval rating’ so high: whether finding creative solutions to tough challenges, working with stakeholders to understand cultural context, or offering advice and support whilst delivering other projects. 

We are independent

We are completely independent of any product manufacturer, system installer or other types of security company. We do not supply equipment, install products, or provide installation or commissioning services. When you speak to us it is safe in the knowledge that you will receive unbiased, expert advice that is not influenced by a relationship with a particular manufacturer or installer. Our solutions are based on your requirements – we have no other agenda.

We make our clients more resilient

Improving a client’s risk profile starts with a comprehensive analysis of their current situation. Once we know the threats they may be exposed to and what vulnerabilities exist, we use our joined-up, holistic approach to address even the most complex of requirements. Through a comprehensive mitigation programme we will reduce levels of risk and increase business resilience allowing them to focus on their primary business objectives. 

We are totally client-focused

Our unique delivery process helps us maintain the quality of our service and retain our client-focused approach. We understand that without our clients we cannot continue to thrive, so client relationships are top of our agenda. Our consultants have been carefully selected to ensure that our desire to delight our clients is embedded throughout every engagement.

Get Started Today

Whether you’re in the planning stage, looking to review an existing risk, or curious about how we can support your business, it's never too early to start a conversation.