UK’s trusted IT infrastructure partner since 2003
sales@servnetuk.com
0800 987 4111
Servnet
Edinburgh cybersecurity

Cybersecurity for Edinburgh businesses —
regulated controls, Scotland-aware delivery.

Servnet designs, deploys and runs cybersecurity for Edinburgh firms with regulators paying close attention: New Town financial services (NatWest, Lloyds Scotland, Standard Life, Aegon, Baillie Gifford), Scottish Government and ALBs, NHS Lothian + broader NHS Scotland, Edinburgh tech (FanDuel, Skyscanner, Rockstar North), and Scottish universities. We cover Cyber Essentials Plus through to FCA Operational Resilience-grade controls, with engineers attending Edinburgh sites in person for serious incidents.

Edinburgh context

Why Edinburgh cyber programmes have their own profile

Edinburgh concentrates the regulated estates of Scotland's financial-services capital, Scottish Government, NHS Lothian, a substantial tech scene and the higher-education cluster. Each has its own regulatory load — and the Scottish public-sector landscape differs meaningfully from England (Scottish Gov frameworks, NHS Scotland processes, Scottish data-protection nuances).

FCA Operational Resilience for Edinburgh finance

Edinburgh financial-services firms (banks, asset managers, pension providers) carry FCA Operational Resilience obligations the same as the City of London. We map cyber controls to the firm's Important Business Services and Impact Tolerances, ready for SMF attestation.

NHS Scotland Information Security Policy + DSPT

For NHS Lothian and the 13 other NHS Scotland boards, cyber work lands against the NHS Scotland Information Security Policy Framework, SWAN-aligned segmentation, the NIS Regulations 2018, and board-specific information governance standards.

NCSC + Scottish Government baselines

For Scottish Government departments, ALBs, councils and Police Scotland we configure to NCSC Cyber Assessment Framework profiles, the Scottish Government Cyber Resilience Framework, and Public Services Network for Police where applicable.

Edinburgh tech needs SOC 2 + ISO 27001

For FanDuel-style Edinburgh tech businesses serving regulated US / EU customers, cyber programmes need to land against SOC 2 Type II, ISO 27001, plus the specific gaming / sportsbetting regulatory regimes their customers operate under.

What we deliver

What Servnet cyber delivers in Edinburgh

NGFW design + deployment

Multi-site FortiGate, Palo Alto, Cisco Firepower and Juniper SRX deployments — including dual-fabric for New Town trading floors and resilient WAN for multi-site Scottish Government estates.

EDR / XDR + 24×7 monitored response

CrowdStrike, SentinelOne, Sophos rollouts with eyes-on-glass triage — Edinburgh-priority handling with engineer dispatch into EH-postcodes inside the agreed SLA.

Identity, MFA + conditional access

Entra ID, Okta, PingFederate hardening: passwordless rollouts for New Town finance customers, conditional-access policies that survive an FCA review, and PAM (CyberArk, BeyondTrust) where the role demands it.

Cyber Essentials Plus + ISO 27001

For Edinburgh mid-market firms tendering into Scottish Government, NHS Scotland or financial services primes, we deliver CE+ readiness and assessment, plus the ISO 27001 technical evidence layer.

SOC 2 readiness for Edinburgh tech

For Edinburgh tech scale-ups (Skyscanner, FanDuel-class businesses) we run SOC 2 Type I and Type II readiness work — gap analysis, control implementation, audit-pack preparation.

Incident response retainer with on-site attendance

Retainer customers get guaranteed in-hours and out-of-hours response, with engineers physically dispatched into any EH postcode for a serious incident. Forensic kit ready.

Who we serve in Edinburgh

Edinburgh cyber clients we work with

  • New Town financial services
    NatWest, Lloyds Scotland, Standard Life, Aegon, Baillie Gifford, M&G — Operational Resilience mapping, third-party assurance, trading-floor isolation, FFIEC-aligned where US parent applies.
  • Scottish Government + ALBs
    Scottish Gov departments, ALBs — NCSC CAF mapping, Scottish Gov Cyber Resilience Framework, Public Services Network where applicable, SC / DV cleared engineer attendance.
  • NHS Lothian + NHS Scotland boards
    NHS Lothian + 13 NHS Scotland boards — NHS Scotland Information Security Policy alignment, SWAN-aligned segmentation, clinical-system hardening.
  • Edinburgh tech
    FanDuel, Skyscanner, Rockstar North in Lothian, FreeAgent, Float — SOC 2 readiness, ISO 27001, cloud-landing-zone hardening, AWS / Azure / GCP security posture.
  • Edinburgh + Heriot-Watt universities
    University of Edinburgh, Heriot-Watt, Napier, Queen Margaret — research-data classification, JANET edge security, lab-network isolation for funded projects.
  • Scottish councils + Police Scotland
    CEC + Midlothian + East / West Lothian councils — NCSC CAF mapping, Scottish Gov framework supply, public-sector SOC monitoring.
Delivery model

How we run cyber for Edinburgh clients

On-site within hours into New Town + South Gyle

For monitored-response Edinburgh customers, a P1 incident typically has an engineer in motion within 90 minutes and on-site inside 5–6 hours via train from London / Surrey. For long-term Edinburgh contracts we maintain Scotland-based engineer cover.

Quarterly operational reviews

For NHS Scotland, FCA-regulated and Scottish Gov customers we run quarterly reviews against the firm's controls register, fed into the SMF, board governance or executive attestation cycle.

Out-of-hours change windows that fit Edinburgh

Trading-floor firewall, EDR rollout or DC migration work happens Friday evening to Sunday evening so New Town finance is clean for Monday open. Engineers are on-site for cutover.

Quarterly threat briefings for executive sponsors

For FCA SMF holders, NHS Scotland exec leads and Scottish Gov CISOs we run a 60-minute quarterly briefing — what changed in the threat landscape that affects your sector, where Scottish peers got hit, what regulators are signalling.

FAQs

Edinburgh cybersecurity — common questions

How do you handle Scottish public-sector cyber differently from English?

Scottish Government has its own Cyber Resilience Framework, Procurement Scotland frameworks, and NHS Scotland Information Security Policy Framework that differ in detail from NHS DSPT. We work to the Scottish-specific requirements while applying the same NCSC CAF / Cyber Essentials Plus underlying controls. Scottish council estates also typically run on Scottish-specific application stacks (e.g., SWAN, Public Sector Network Scotland).

Can you run cyber for a New Town financial-services firm to FCA Operational Resilience standards?

Yes — frequent engagement for Edinburgh finance. We map cyber controls to the firm's Important Business Services and Impact Tolerances, evidence them for SMF attestation, run quarterly Operational Resilience reviews. Same depth of FCA-aware work as we deliver for City of London customers.

Are your engineers SC or DV cleared for Scottish Government work?

Yes — we hold a roster of SC-cleared engineers and can arrange DV clearance through the sponsoring Scottish Government department. Most Scottish Gov ALB work is fine with SC; some sensitive estates request DV.

Can you handle NHS Scotland Information Security Policy Framework?

Yes. We work with NHS Lothian and broader NHS Scotland board-affiliated organisations on NHS Scotland Information Security Policy Framework evidence, plus SWAN-aligned segmentation and board-specific information governance standards.

Do you do Cyber Essentials Plus for Edinburgh tech businesses?

Yes — frequent engagement for Skyscanner-class businesses, FanDuel-class regulated tech, and smaller Edinburgh scale-ups. CE+ readiness, remediation, assessment — typically 4–6 weeks for a 50–200 endpoint estate.

How do you price cyber for a 100-user Edinburgh firm?

Three-tier model — Foundation (CE+ controls, MFA, email security, EDR), Resilience (above + 24×7 monitored response + quarterly review), Regulated (above + Operational Resilience or SOC 2 mapping + incident retainer).

Can you help an Edinburgh tech business with SOC 2 Type II?

Yes — SOC 2 Type I and Type II readiness work for Edinburgh tech scale-ups. Gap analysis against the AICPA Trust Service Criteria, control implementation, evidence collection, audit-pack preparation. Typically 4–6 months for Type II from a standing start.


Need cyber that holds up to a Scottish regulator review?

One call — direct to a cyber engineer who has done this for Edinburgh firms like yours. We'll size the gap honestly and price the closure.