Most businesses take their MSP at their word. We think that's not good enough - for you, or for us. That's why we've started our journey toward Assurix accreditation: independent, continuous verification that we're actually doing what we say we do.
What is Assurix? →
That's an uncomfortable thing for an IT provider to say. But it's true - and the data backs it up.
MSPs sit at the heart of their clients' IT environments. We hold admin credentials, manage your security tools, control your backups, and have deep access to your systems. If an MSP operates to poor standards - or worse, if they're compromised themselves - the impact on clients can be severe.
The UK government recognises this. The Cyber Security and Resilience Bill is driving expectations that MSPs in critical supply chains must meet ongoing assurance requirements, not just periodic audits.
Yet most of the certifications MSPs hold tell you very little about whether they're doing the right things right now. ISO 27001 tells you they met a standard on the day they were assessed. Cyber Essentials confirms a point-in-time snapshot. Neither tells you what's happening in your environment today.
Assessed once a year. Standards can drift significantly between audits - and no one would know until the next assessment window.
References and case studies are useful - but they tell you what a provider was like, not whether they're meeting standards today.
Most MSPs ask you to take their word for it. Without third-party, continuous monitoring, there's no objective way to verify that they are.
Assurix is an independent trustmark for UK managed service providers. It verifies that an MSP meets defined standards across cybersecurity, operational maturity, and business resilience - using live data from the tools the provider uses every day.
Spanning cybersecurity, operational maturity, and business resilience. More than 20 tracked live.
Built on the NCSC Cyber Assessment Framework 4.0 - the same standard the UK government is driving toward for critical supply chains.
If a control falls out of tolerance, there are 30 days to fix it - or the trustmark is publicly suspended. No hiding a lapsed accreditation.
Assurix integrates with PSA, RMM, Microsoft 365, and backup systems - collecting evidence automatically, every day, not once a year.
Aligned to NCSC CAF 4.0 - covering vulnerability management, identity and access controls, endpoint protection, patch management, and incident response capability.
SLA adherence, ticket management, change control, invoicing clarity, and the day-to-day processes that determine whether an MSP actually operates professionally.
Business continuity planning, supply chain risk management, and the operational foundations that ensure an MSP can keep delivering when things go wrong.
We were already confident in the standards we operate to. We've built our service around Microsoft's security stack, Huntress managed detection and response, immutable backup, and a genuine commitment to doing the unglamorous work properly - patching, monitoring, documentation, access control.
But confidence isn't the same as proof. And we believe our clients deserve more than confidence.
Assurix caught our attention because it doesn't ask us to fill in a form once a year - it watches the tools we use every day and holds us publicly accountable if standards slip. That's exactly the level of scrutiny we want to be held to. Not because anyone forced us, but because it reflects how we already think about our responsibility to clients.
The trustmark is deliberately hard to earn - and we're among the early wave of UK MSPs working toward it. We're preparing our environment against the 64-control framework now. It takes time to do properly, and that's the point.
Once we achieve the trustmark, it gives you:
Once we achieve the trustmark, it gives you:
Or take our free security scorecard →
We're happy to walk you through where we are on the Assurix journey and what it means for how we look after your environment.