Information Risk Management Ltd

Address: Eagle Tower
11th Floor
Montpellier Drive
GL50 1TA
Telephone: +44 (0)1242 225200
Email: [email protected]
Contact: Graham Mitchell
[email protected]

Duncan McDonald
[email protected]
+44 (0)7739 996378

IRM works to defend organisations against cyber threats.

Founded in 1998, IRM provides visibility and control across entire cyber landscapes by combining more than 17 years of consultancy with advanced software technology. By covering all aspects of cyber security from PCI compliance to automated threat intelligence, IRM supports organisations at every step of their cyber maturity journey.

Trusted by over 750 customers in 25 countries and numerous divisions of UK Government, IRM’s expertise highlights vulnerabilities whilst reducing risk across your people, places, interactions, processes and technology.

Discover our full service cyber security consultancy and technology at


Penetration Testing

Contact: Sean Arrowsmith
+44 (0)1242 225200
[email protected]

IRM employs a team of consultants who are able to perform highly skilled penetration tests that reflect real-world scenarios.  By conducting research, identifying vulnerabilities, exploiting weaknesses and helping implement improvement programmes, IRM not only help address specific weaknesses but enable clients to apply good risk management practices across their organisations.

CREST Qualified Consultants:
Practitioner Security Analysts:  Yes
Registered Penetration Testers:  Yes
Certified Web Application Testers:  Yes
Certified Infrastructure Testers:  Yes
Certified Wireless Testers:  No

Simulated Target Attack & Response (STAR) Penetration Testing

Contact: Sean Arrowsmith
+44 (0)1242 225200
+44 (0)7876 352860
[email protected]

IMPACT is IRM’s premium penetration testing service. It is a return to traditional pen testing and seeks to provide a cyber-attack simulation or red teaming service.

IMPACT is intelligence led and focuses on the client, their environment and associated threat actors in order to target the service in a way that simulates a real life attack. The aim is to identify both weaknesses within the security posture and to test the resilience and responsiveness of the client organisation.

CREST Qualified Consultants:
Certified Simulated Attack Managers:  No
Certified Simulated Attack Specialists:  No