Skip to content
arrow-alt-circle-up icon

Cyber Incident Call

arrow-alt-circle-up icon

00800 1744 0000

arrow-alt-circle-up icon


With our SOC Maturity and Capability assessment we use the SOC-CMM framework to assess your Security Operations Center and provide tailored recommendations to increase your SOC’s maturity. 

  You will have a fully independent assessment with a fresh pair of eyes on the maturity and capabilities of your SOC.  

 You will gain insight in where your SOC stands compared to industry best practices and other SOC’s. 

  You will receive tailored recommendations to improve the maturity levels of your SOC’s processes, technology stack and services.  

What is SOC-CMM?

SOC-CMM is a capability and maturity model which can help Security Operations Centers measure and increase their maturity. Using the model, periodic assessments can be performed to create improvement plans to continuously improve the maturity and capabilities of your SOC. Additionally, performing a periodic SOC-CMM assessment shows your customers and stakeholders that you are continuously improving your SOC and its services. We use this model to continuously improve our own SOC, which has been certified for SOC-CMM on the ‘Risk Driven’ level.

Conducting a SOC-CMM assessment is not a trivial task. Assessments require proper preparation and planning and need to be executed with care. That is why our assessors are SOC-CMM-certified with numerous successful SOC consultation under their belt. We are a Gold support partner of SOC-CMM since the launch of its support partner network in October of 2023 which means we are in close contact with the developer of the model and the community around it.


Related Services


Managed Detection & Response

We proactively monitor your systems and networks from our SOC to act upon your threats adequately.

Read More>

Audit & Control Services

We assess the accuracy, reliability and effectiveness of your information security.

Read More>


Red teaming

We simulate your biggest threats in terms of business, bytes and behaviour.


Read More>

State of Security Assessment

We assess and test your information security and develop your cyber security roadmap.

Read More>

No resources?

Leave your Cyber security to us!

Frequently Asked Questions

We can imagine that you have many questions. You can always contact us to learn more. Below are a few examples of questions that we can investigate further with you.

When Is A SOC-CMM Assessment Needed for My Organisation?

If you have a (partially) in-house Security Operations Center or are in the process of setting this up, periodic SOC-CMM assessments can provide you value in providing the right insights to set up or improve your SOC’s maturity and capabilities. The assessment is also often used to create a SOC Target Operating Model (SOCTOM) in which short- and long-term goals are drafted for the SOC and which is often used as inspiration for year plans.  


What type of SOC-CMM assessments do you perform?

We differentiate the initial (baseline) assessment from the periodic progress assessments. In general, we differentiate the following assessment types, both for initial as progress assessments: 

  • Quick scan: We select the most crucial elements of the model for your situation and perform a high-level scan. This type is useful when building a SOC or when the SOC is small.  
  • Scoped assessment: The purpose of a scoped assessment is to gain insight into a particular element or set of elements within the SOC. For instance, only the business or technology domain would be assessed. This is useful when there are concerns regarding some of these elements or when most of the SOC tasks are outsourced. 
  • Full assessment. The purpose of a full assessment is to determine strengths and weaknesses of all aspects of the SOC. All full assessment provides insight into all aspects in the SOC-CMM model and generates the most detailed results and recommendations. 
How long does a SOC-CMM assessment take?

How much time we need for this type of assessment depends fully on the assessment type and scope chosen. For a full baseline assessment, we usually need around 3 working days of interviews with different stakeholders and employees of the SOC, but a QuickScan can be done in half a working day.  

We are here for you

Need help with your cyber security or wondering how secure your business really is?
Get in touch and we will help you find the best solution.