Governance, Risk & Compliance

We’re brilliant at helping information security, risk and compliance professionals to communicate with risk and asset owners in a language they understand.

We help you better communicate and use the power of storytelling to increase stakeholder buy-in.

Ultimately this helps decision-makers to make better and more informed choices about what risks are, and are not, acceptable; to them, to their clients and, in some cases, society.

The tools that can help you to make such compelling stories are our ORAM™ (Operational Risk Assessment Methodology) and CRAM™ (Contextual Risk Assessment Methodology) tools which we developed in-house and have helped clients evidence a risk-based approach to security.

Underpinning all of our governance, risk and compliance work is our industry-leading SABC™ methodology. SABC™ integrates our research into behaviour, change and communication into not just employee education and awareness programmes, but uniquely, into Governance, Risk and Compliance.

Taking the necessary steps to secure your organisation is more than a tick-box exercise. Especially if you want to reap the true benefits. 

“I can strongly recommend Marmalade Box to anyone who is looking for ISO 27001 guidance.” 

Chief HR & Legal Officer
ZitCom Gmbh

Find out how to build your best in class security team

[mb_product_findoutmore link=”/learning-development/”]


We help key stake-holders and decision-makers to build and implement an effective organisational structure and management system which demonstrates the Board is in control of its risk.


We facilitate discussions, amongst stakeholders, to help identify risks to strategic and operational KPI’s from a breach of information security. We then identify and implement effective controls to manage behaviour in line with your organisation’s appetite for risk. 


Our team have a track record of helping clients comply with a wide variety of regulatory, industry and contractual obligations. The ability to draw on our in-house legal experts, combined with security professionals, means we can give organisations the confidence that they have compliance under control.