top of page
Culture Gem consult logo

Here at Culture Gem, we are dedicated to helping organisations embed culture into the heart of security. We are experts in cyber and information security awareness, behaviour change activities and strategy development for customers who need help meeting regulatory requirements like ISO 27001, UK GDPR, PCI DSS, Cyber Essential Plus, NIST or GovS 007.


We believe that every company has a right to be confident in the information they share, and we work hard so you can have complete peace of mind. Culture Gem delivers high quality services with an exceptional level of assurance at competitive prices. We are committed to excellent customer service and delivering high value consultancy, with integrity, through our exceptional staff. The quality of each individual's contribution enables us to build lasting relationships, and provide assurance that your project will be in safe hands.


Culture Gem's support goes beyond security awareness and delivers organisation-wide security culture and behaviour change. Working with you, we will evaluate your audience to identify risks that may contribute to high severity incidents and design creative solutions for reducing these behaviours through training initiatives or other methods, as needed by your organisation, to make sure you are equipped against any potential threats.

  • Incidents and risks are mitigated through culture and behavioural change activities after thorough analysis, which identifies:

    • Knowledge/retention gaps 

    • Learning styles/needs

    • Organisational risks

    • Incident themes

  • Security awareness culture and behaviour change activities are tailored to client needs for maximum impact; we avoid generic methods and identify:

    • Stakeholder demographic

    • Tone and content to better reach and engage stakeholders

    • Optimal learning styles

  • Identify policy and procedure gaps to supplement documentation, in line with client needs, and delivered as part of a considered plan for cascading and audit tracking, where appropriate. Gap analysis includes, but is not limited to:

    • Governance

    • Regulation

    • Training requirements

    • Internal process/procedure

  • Security behaviour and culture change strategy setting and delivery planning, factoring in organisational constraints, values, and priorities:

    • Defining the problem statement

    • Identifying risks

    • Objective setting

    • Milestone definition

    • Resourcing plans and funding procedures

    • Preempting blockers

    • Bespoke security awareness planning

  • Identifying what’s important to the organisation to screen and shortlist viable cloud partners provides a critical assessment to minimise duplication of analysis. Shortlisted suppliers will be assessed by your team reducing volume of contact (marketing calls, emails etc) allowing you to focus on business-as-usual activities without distractions.

  • Liaising with and analysing potential suppliers before introducing shortlisted partners allows you to focus on core business. Business justification, costing and budget materials are produced in line with your company processes.

  • Management buy-in and lead-by-example ensures successful rollout of programmes. Stakeholders are:

    • Identified and engaged in the process

    • Canvassed for input and insight

    • Encouraged to champion the programme

  • Setting metrics for reports to go beyond completion rates and meet core values, where:

    • Tailored reports meeting governance requirements

    • Metrics are available and clear to stakeholders

    • Templates ensure consistency

    • Automation reduces manual work for staff to maintain the reports and metrics

  • Campaigns are created to deliver organisational values, remediate against risk and engage stakeholders through a combination of

    • Communication

    • Training, coaching

    • eLearning

    • Speaker slots, and

    • Other creative aspects

Cyber Essentials Plus Logo
DataGuard Logo
Crown Commercial Service Supplier Logo
bottom of page