Securing your future together

Leading Information Security Transformation

Providing Value in Control and Management of Data

About Leafspine


Leafspine is a small private limited company founded upon a varied and lengthy exposure to delivering complex Information & Technology Systems within Information Security and IT Risk for global corporations in the UK, North America, North Africa, EU, and Switzerland.

This knowledge has been gained and nurtured by being fully immersed in all aspects of system life cycle and have led large-scale, global, high-value security and IT transformation projects with a view to improving cost performance and supporting business strategy. Leafspine has extensive knowledge and practical experience in managing, solving information security objectives across the multiple industry sectors, business functions and domains:

  • Banking / Financial Services;
  • Energy Industry;
  • Facilities Services;
  • HealthCare & Medical;
  • Insurance;
  • IoT Systems;
  • IT & Telecoms;
  • Oil & Gas;
  • Reinsurance.

We apply a systematic risk approach to establish, implement, operate, monitor, review, maintain and improve information security systems to reduce risk to acceptable levels within your organisation.

Our core principles

  • Support the business:
    • Focus on the business goals and objectives, not just the technology
    • Deliver quality and value to stakeholders working effectively to negotiate appropriate levels of security
    • Seek to comply with relevant legal and regulatory requirements
    • Provide timely and accurate metrics
    • Evaluate the as-is to-be threats
    • Promote continuous improvement plans and business initiatives
  • Defend the business:
    • Adopt a risk-based approach to understanding the major risks
    • Protect classified information
    • Concentrate on business-critical applications
    • Develop systems securely, based on best practices and standardised frameworks
  • Promote responsible security behaviour:
    • Detect and respond to technical, procedural and human capabilities
    • Foster a security-positive culture
Leafspine Products


Depending on your organisational individual requirements, achievement is when the security goals and objectives are met and when confidentiality, integrity, availability, authenticity and non-repudiation is ensured.

The outcome is that information:

  • is adequately protected available when required.
  • is disclosed and only observable by those who have been classified to do so.
  • is only able to be modified by authorised means.
  • is exchanged between end-to-end to parties only.

We define, develop, deliver and enforce an enterprise grade Information Security Policies, IT Risk Management practices and associated processes, procedures and standards.


Developing the Framework & Supporting Processes

Rules that run the organisation start by determining the expected outcomes and levels of acceptable risk. These objectives need to be verified to understand the gaps between the current-future state. Road maps will then help to show the strategy and from here a persuasive business case can be developed to encompass the benefits, cost and risk.

Risk Management

Managing Risk to Acceptable Levels

Risk is ultimately a judgement to the level of exposure to a probability of a threat and its impact if that vulnerability is exposed. Assessments need to identify, analyse and evaluate the most probable outcomes across strategic, management, operational and legal/regulatory threat landscape.

Program Development & Management

Identify, Manage & Protect Assets

Time spent on defining and developing objectives that have both approval and consensus from key stakeholders is paramount for the successful delivery of the program. From this effective metrics can be devised to show progress through the implementation phases and milestones.

Incident Management

Detect, Investigate, Respond & Recover

Testing of incident management and response plans increases the likelihood of recovery within defined points and objectives. It prepares the organisation for that unplanned disruptive event to be resolved within the agreed acceptable levels and hopefully without the need for declaration of a disaster recovery.

Leafspine Professional Services

Professional Services

The Information Security Manager's main objective within your organisation is to increase stakeholder value by providing business process assurance to minimise the impact to adverse events.

We offer a wide range of information security services, from consulting, business impact analysis, strategy, certification and risk assessment, to incident response, project and program management.

Our core skills & credentials

  • Information Security Management:
    • ISACA, Certified Information Security ManagerĀ® (CISM)
    • ISO27001, Certified ISMS Lead Implementer
  • IT Service Management:
    • ITIL, v3
  • Project Management:
    • PRINCE2, Practitioner
  • Communications Network Management:
    • CISCO, CCIE Routing & Switching


Depending on your requirements our Information Security Manager is available for hire over a flexible 1, 3, 6, 9, or 12 month contract.

Leafspine can offer its Information Security and IT Risk services in the areas of Banbury, Birmingham, Central London, Coventry, East Midlands, Leicester, Lichfield, Loughborough, Midlands, Milton Keynes, Northampton, Nuneaton, Rugby, Solihull, Stafford, Tamworth, Warwick, West Midlands.

The next availability of hiring our Information Security Manager will start from the month shown.

Contact Leafspine
Contact Us
Information Security and IT Risk Consultancy

0800 246 5790
Rugby, Warwickshire, UK

The Future is in Your Hands

Security is only as strong as the weakest link!

Effective Information Security is the responsibility of the entire organisation