Boards now carry data and security risk across more jurisdictions, and more regulation, than they are built to manage. Alvermere helps them hold a single, defensible position — judged independently, kept in confidence.
An advisory to boards on security, data and regulatory risk.
The firm
We are a small, independent advisory, retained by boards for the security and data decisions that matter most.
We hold no products to sell and no platforms to push, so our advice answers to one thing only: the client’s interest. We prefer to be brought in early — while the question is still a decision, not yet a crisis.
What we do
A small number of things, for a small number of organisations — as a matter of judgement, not process.
The diagnostic
A senior, independent read on where an organisation’s security and regulatory risk concentrates, and how its posture compares to the stakes it carries. The considered beginning of a relationship.
Independent assurance
An honest read for the board or audit committee on whether risk is genuinely understood and controlled — a position the accountable owner can defend, designed to back the in-house team rather than sit over it.
Programme & ISMS oversight
When a gap surfaces, we shape and steer the programme — led, not staffed. Senior ownership of direction, without renting a function.
Situations
The high-stakes moment — an incident, a regulatory finding, a transaction under diligence — where a credible answer is needed quickly, from someone who has been in the chair.
Our point of view
Read separately, every regime looks like a fresh programme to run. Read together, they converge on one obligation — demonstrable, board-level control over the data and systems an organisation cannot afford to lose.
A board does not need a compliance programme for every jurisdiction. It needs one defensible position that answers to all of them. That is the view we hold, and the lens through which we read each new development.
The principal
Stephen Randles
A career Group Chief Information Security Officer, most recently accountable to the board for security, data and regulatory risk across a global software business. Pedigree is the proof; it is set out in full on his page.