Common questions, honest answers

No. The service is designed specifically for business owners and operational leads who are not security specialists. Every question in the forms is written in plain language, and every finding and recommendation in your report is explained without jargon. If something needs a technical term, it will be explained.

If you are not sure about an answer in the intake form, say so. That uncertainty is useful information in itself.

No. The Baseline Review is conducted based on information you provide in the intake form and publicly available information about your setup. We do not need passwords, remote access, admin credentials, or any form of system access.

The intake form asks about what you have in place, not for access to it.

The Start Here form takes about 2 minutes. The onboarding intake form takes most clients around 15 minutes to complete. Once we have received your completed intake form, your written report is delivered within 5–7 working days.

You do not need to be available during the review process. It runs asynchronously, without any further input from you.

The async-first approach is deliberate. It works around your schedule, keeps costs down, and for most purposes it is simply the right tool. The intake form captures what we need. The report communicates the findings clearly in writing. Neither of these requires a call.

If you have a specific question before submitting the Start Here form, email us at hello@revelatech.co.uk and we will respond within one business day. For Guided Oversight clients, more structured written advisory input is included in the monthly service.

No. A penetration test involves actively attempting to exploit vulnerabilities in your systems. It is a technical offensive exercise. The Baseline Cyber Review is a structured advisory assessment: we review your practices, configuration, and setup based on the information you provide and reach conclusions about your security posture.

Penetration testing is not included in any of our services. If you specifically need a penetration test, you should engage a provider with the appropriate certifications (CREST, CHECK, or equivalent) and professional indemnity coverage for that type of work.

No. Cyber Essentials is a UK government-backed certification scheme with a specific scope and formal assessment process. Our Baseline Review covers similar ground and references Cyber Essentials controls where relevant, but the output is a practical advisory report, not a certification.

If you want to pursue Cyber Essentials certification, we can advise on whether your current position looks likely to meet the standard and what steps would be needed. Formal certification itself requires a registered Cyber Essentials assessor.

We are not an incident response service. If you have an active or recent breach, ransomware infection, or confirmed compromise, you need a specialist incident response provider, not an oversight service.

CREST-accredited IR firms are equipped to handle live incidents with the appropriate technical and legal support. Once an incident is contained and resolved, the Baseline Review may be a useful next step to understand how it happened and what to address.

We work with general small businesses across most sectors: professional services, consultancies, creative and marketing agencies, property and estate agents, technology businesses, logistics and distribution, e-commerce, and others.

We do not currently serve healthcare or medical businesses, FCA-regulated financial services firms, government organisations, or critical national infrastructure. These sectors have regulatory requirements that need specialist expertise beyond our current scope. If you are in one of these sectors, the Start Here form will let you know clearly.

Quite possibly, yes. IT support and cyber security oversight are different things. Most IT providers focus on keeping your systems running: resolving issues, managing hardware, and maintaining connectivity. Security review is often either not formally in scope or is done informally and without a structured record of findings.

The Baseline Review gives you a documented, independent assessment of your security posture. It is something your IT provider likely cannot produce, and something you can share with clients, insurers, or your board. If your IT provider is already conducting formal security assessments and producing written reports, ask to see one. If they are not, this service fills that gap.

The service is designed for businesses with 1–30 staff that do not have a dedicated IT security resource. If you are in that range, the service is built for you.

If you have more than 30 staff, or if you already have internal security oversight, a dedicated IT security team, or an active managed security provider, we are probably not the right fit. The Start Here form will indicate this clearly rather than you finding out later.

If you have had a comparable structured assessment from a credible provider in the last 12 months, direct enrolment into a monthly oversight tier may be possible without repeating the Baseline Review. Mention it in the Start Here form. We will review what you have and advise on whether it is sufficient to move directly to oversight.

If the prior review was informal, automated, or significantly out of date, the Baseline Review is likely still the right starting point.

Yes. We support UK and US businesses from launch. Pricing for US clients is in USD ($795 for the Baseline Review, $249/mo Essential, $449/mo Guided).

Some recommendations will be UK-focused, particularly around regulatory context, insurance, and specific tooling. Where guidance differs meaningfully for a US context, we flag it. If you are based elsewhere and want to enquire, email us and we will advise on whether we can help.

No. The Baseline Review is a complete, standalone engagement. There is no obligation to continue into monthly oversight, and we will not pressure you to do so.

The report will include a recommendation on whether ongoing oversight would add value for your situation. Some clients will find it useful immediately. Others will work through the action plan first and return to oversight later. Some will take the findings, act on them, and have no further need for regular support. All of these are fine outcomes.

Yes. Monthly oversight can be cancelled with 30 days' notice. There is no minimum commitment beyond the current billing period and no penalty for cancelling. We would rather you stay because the service is useful, not because you feel locked in.

For the Baseline Cyber Review, no. It is a one-off purchase with no ongoing commitment.

For monthly oversight, we use a simple service agreement that sets out what is included, the billing terms, and the cancellation process. It is written in plain English and is not designed to trap you. You will receive it before your first oversight month begins.

UK clients: Prices are in GBP and are quoted exclusive of VAT. VAT is added at the standard rate at the point of purchase. Your invoice will show the ex-VAT price and VAT separately.

US clients: Prices are in USD and are inclusive of all charges. No further taxes are added by us (though you should check your own tax obligations in your jurisdiction).

Baseline Cyber Review: £595 + VAT (UK) / $795 (US), one-off.
Essential Oversight: £199 + VAT / $249 per month.
Guided Oversight: £349 + VAT / $449 per month.

See the full pricing page for complete detail, including what is included in each tier.

Not at launch. Annual billing may be introduced later, once the service is established and we have a clear picture of client retention behaviour. If and when it is available, it will be mentioned on the pricing page.

Information you provide through the Start Here form and intake form is used only to conduct your enquiry and deliver your service. We do not share it with third parties for marketing, sell it, or use it for any purpose beyond the service you have engaged.

Data is stored on a secure, UK-based server with restricted access. For full details of what we collect, how long we keep it, and your rights under UK GDPR, see our Privacy Policy.

We want the review to be genuinely useful. If after receiving your report you feel something within scope was not covered adequately, contact us and we will address it. We would rather get it right than have a client walk away feeling short-changed.

If you have a specific concern after reading the report, the written follow-up included with the service is the right place to raise it.