
About the Practice

Security that's direct. No layers.

A boutique security practice. Nothing more.

KIXK Systems Ltd is a specialist digital security consultancy registered in England and Wales, built specifically around the needs of UK professional services firms — not enterprise clients, not government contracts.

We exist because most small law firms, accountancy practices, and recruitment agencies have genuine, measurable security gaps that a generalist IT company will never prioritise. We do nothing else.

Every engagement is handled directly. You are never passed to a junior analyst or an offshore team. The person who assessed your domain is the person who fixes it.

4 core sectors served: Conveyancing, Accountancy, Law, Recruitment.

12-month minimum retainer term. Structured, sustained protection.

100% of findings passively sourced before any engagement begins.

0 active scans performed without a signed engagement letter.

Our Approach

Passive first. Active only with consent.

Before we contact any prospective client, we run a passive public-facing check using only openly available tools — MxToolbox, Shodan, HaveIBeenPwned, and crt.sh. No access is requested. No systems are touched.

If we find something worth flagging, we send a short, specific note explaining what we found. There is no obligation. There is no pitch in that first contact.

Active scanning — Nmap, Nuclei — is only ever run after a signed engagement letter and explicit written consent for the named IP ranges. This is non-negotiable and reflects our interpretation of the Computer Misuse Act 1990.

Step 01

Passive Assessment

We run public-only checks on your domain: DMARC, SPF, DKIM, open breach data, and Shodan-cached port exposure. No consent required. Fully legal.
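As an added illustration of what a passive DMARC and SPF check looks like (this is example code written for this page, not KIXK's own tooling), the script below parses the two TXT records a domain publishes and lists the weaknesses a passive assessment would flag: a DMARC policy of p=none, partial pct coverage, no aggregate-report address, an SPF record that ends in +all or ~all, or more than the ten DNS-lookup terms RFC 7208 permits. The record values are constructed samples; a live check would fetch the _dmarc.<domain> and apex TXT records over DNS. DKIM is left out because its record sits under a selector name that cannot be discovered from the domain alone.

```python
"""Passive email-authentication posture check.

Added example, not part of the original page or KIXK's tooling. The two
record strings below are constructed samples standing in for the TXT
records a live DNS lookup would return.
"""
import re
from typing import List, Optional

# Constructed sample records (assumption: these are what DNS would return).
SAMPLE_DMARC = "v=DMARC1; p=none; pct=100; rua=mailto:dmarc@example.com"
SAMPLE_SPF = "v=spf1 include:spf.protection.outlook.com include:_spf.google.com a mx ~all"

# SPF terms that each consume one of the ten permitted DNS lookups (RFC 7208 s4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; empty dict if not a DMARC record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else {}


def assess_dmarc(record: Optional[str]) -> List[str]:
    """Return human-readable findings for a DMARC record (empty list = enforced)."""
    tags = parse_dmarc(record) if record else {}
    if not tags:
        return ["DMARC: no valid record published"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} is monitoring only; spoofed mail is still delivered")
    if int(tags.get("pct", "100")) < 100:
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only part of the mail stream")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports are received")
    return findings


def _spf_terms(record: str) -> List[str]:
    """Return the mechanisms/modifiers after 'v=spf1', or [] if not an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    return terms[1:]


def count_spf_lookups(record: str) -> int:
    """Count terms that trigger a DNS lookup; more than 10 is a permanent error."""
    count = 0
    for term in _spf_terms(record):
        name = re.split(r"[:=/]", term.lstrip("+-~?"), 1)[0].lower()
        if name in LOOKUP_TERMS:
            count += 1
    return count


def assess_spf(record: Optional[str]) -> List[str]:
    """Return human-readable findings for an SPF record (empty list = hard fail, within limits)."""
    if not record or record.split()[0].lower() != "v=spf1":
        return ["SPF: no valid record published"]
    findings = []
    terms = _spf_terms(record)
    lookups = count_spf_lookups(record)
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup terms exceed the limit of 10; receivers treat the record as a permanent error")
    all_term = next((t for t in terms if t.lstrip("+-~?").lower() == "all"), None)
    has_redirect = any(t.lower().startswith("redirect=") for t in terms)
    if all_term is None:
        if not has_redirect:
            findings.append("SPF: no 'all' mechanism, so unlisted senders are neither passed nor failed")
    else:
        qualifier = all_term[0] if all_term[0] in "+-~?" else "+"
        if qualifier in ("+", "?"):
            findings.append(f"SPF: '{all_term}' lets any sender pass as the domain")
        elif qualifier == "~":
            findings.append("SPF: '~all' is soft fail only; rely on DMARC enforcement to reject spoofed mail")
    return findings


def assess_domain(dmarc_record: Optional[str], spf_record: Optional[str]) -> List[str]:
    """Combine both checks into the list a passive assessment note would report."""
    return assess_dmarc(dmarc_record) + assess_spf(spf_record)


if __name__ == "__main__":
    for finding in assess_domain(SAMPLE_DMARC, SAMPLE_SPF):
        print(finding)
```

Run against the constructed samples it reports two findings: the DMARC policy is p=none, and SPF ends in ~all. Both are typical of a domain whose mail provider was set up with defaults and never moved to enforcement, which is exactly the kind of gap a passive check surfaces without touching the client's systems.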

Step 02

Discovery Call

A 15–20 minute Zoom call. We show you exactly what we found. You ask questions. No pressure. No jargon without an immediate plain-English explanation.

Step 03

Signed Engagement

A full engagement letter covering scope, liability cap, data handling, and explicit consent for active scanning. Reviewed by a solicitor. Your protection as much as ours.

Step 04

Remediation & Report

We fix what we find: DMARC enforcement, MFA rollout, open port closure, password manager deployment. A plain-English PDF report is delivered at the end.

Step 05

12-Month Retainer

Ongoing monthly monitoring, quarterly phishing simulations, and a compliance report your cyber insurer accepts at renewal — sustained across a structured 12-month term.

How Contracts Are Formed

Clear scope. Written consent. No ambiguity.

Every engagement begins with a signed engagement letter before any work is carried out. This letter defines the precise scope of work, the systems in scope, the limitation of liability, and explicit written consent for any active scanning activities.

Retainer engagements operate on a 12-month contract term. This ensures that security coverage is sustained, monitored, and continuously improved rather than treated as a one-off exercise. The 12-month structure also aligns with most cyber liability insurance renewal cycles, making it straightforward to demonstrate ongoing compliance to your insurer.

Either party may terminate with 30 days' written notice at the natural end of a contract term. Early termination conditions are set out in full in the engagement letter.

Contract Formation Process

1. Discovery Call — We establish scope, systems, and expectations. No commitment at this stage.

2. Engagement Letter Issued — We send a full written engagement letter covering scope, liability, data handling, consent to scan, and governing law.

3. Signed by Both Parties — The contract is formed only upon countersignature. Work begins after this point.

4. 12-Month Retainer Term — Ongoing retainer engagements run for a minimum of 12 months, renewable by mutual agreement.

5. Termination — Either party may terminate with 30 days' written notice at the end of a contract term. Full conditions are in the engagement letter.

Credentials

Registered. Insured. Compliant.

KIXK Systems Ltd is a registered UK Limited Company (No. 17244535) incorporated in England and Wales. We operate as an ICO-registered Data Controller, required under the Data Protection Act 2018 for any business processing personal data for direct marketing.

We carry Professional Indemnity and Cyber Liability insurance — both active before any client engagement begins. Our work is framed around NCSC Cyber Essentials, the baseline standard that UK cyber liability insurers now check at policy renewal.

Company No.: 17244535
Jurisdiction: England & Wales
ICO Registration: Data Controller
Insurance: PI + Cyber Liability
Framework: NCSC Cyber Essentials
Contract Term: 12 months minimum

Ready to see what's exposed?
