covers the security layers (centralised storage, encryption, MFA, conditional access, data-movement controls, patching, EDR) and ties them to Cyber Essentials, ISO 27001, UK GDPR, NHS DSP, SRA, PCI DSS — the frameworks buyers actually need to satisfy.