•This service provides a holistic approach to identifying cyber security risks and mitigations for a cloud service, system or organisation. Internationally recognised frameworks are used to categorise risks and identify appropriate mitigations. A clear board level summary is provided to inform decision making and embed findings. The service comprises of three phases: assess, evaluate and embed.