We make sure you pass.
A 12-point scored audit, a closure plan, and an outcome-guaranteed managed IT and cyber security service. Built for London firms under audit pressure.
You don't have an IT problem.
You have a proof problem.
Most London firms don't call us because the helpdesk is slow. They call us when someone important is about to look at their IT and they can't answer the questions with confidence.
An FCA supervision visit. An ISO 27001 audit. A PE buyer running due diligence. A new enterprise client demanding a security questionnaire. An insurer asking how you handle cyber threats and downtime. Each one turns "we think we're fine" into "we need to prove it, this week."
If your current IT provider sends you a monthly ticket report but can't hand you a scored, evidenced position against the standards your regulators and buyers care about, you don't have a managed service. You have a helpdesk with a subscription.
"The board wanted the evidence pack. The MSP sent the ticket queue. That's the gap Root.12 was built to close."
We're not generalists.
We're the IT partner for firms that get audited.
We know the moment
We've sat in the room when the Consumer Duty question lands with no answer. We've watched a £40m enterprise deal slow down over one security questionnaire. We know what a PE DDQ does to your team's week. The "oh God, what do we actually have in place" moment is the moment we exist for.
We've earned the authority
Support Tree has supported FCA-regulated firms for over a decade. We're Cyber Essentials Plus certified ourselves and run a proactive cyber security service against every client quarterly. We publish our methodology. Root.12, our own 12-point audit framework, runs against every engagement. We are asked about our own controls as often as we ask about yours.
Managed IT Support Services for FCA-Regulated and Audit-Ready Firms
We don't work with companies whose IT answers to no-one but themselves.We work with the ones whose insurer, clients or regulator expect proof their data is safe.
Root.12 is a 12-point audit.
Three pillars. One scored picture.
We score your IT against the standards your insurer, your clients and your regulator actually test against. You get a written report colour-coded across twelve control areas, a closure plan, and an outcome-guaranteed managed service that keeps you audit-ready and resilient between inspections. Real cyber resilience, not paperwork.
Your team, access controls, security awareness and human risk.
Your infrastructure, endpoints, cloud, backup and recovery.
Your policies, compliance posture, audit readiness and strategic alignment.
Discovery → Audit → Recommendation → Onboarding
We diagnose before we prescribe. The full process, and the 12-area framework behind it, lives on the Root.12 framework page. From first call to going live, the journey is seamless.
The London businesses we work with all share one problem.
Someone important is about to inspect their IT.
Financial services, professional services, regulated industries. Every sector below shares the same audit pressure.
Your own LP DDQs, your portfolio companies' technical due diligence, and your investor reporting all need a defensible IT position. We give you one.
FCA supervision, Consumer Duty and DORA don't care how fast your helpdesk is. They want proof of control. We build and maintain it.
ISO 27001, SOC 2 and every enterprise security questionnaire stand between you and your next big deal. Root.12 is the shortest path through them.
ICAEW/ACCA inspection, cyber insurance renewal and HMRC data-handling expectations all land on your IT. We make the answer ready before the question.
MHRA, ISO 13485, GDPR, enterprise buyer diligence. When compliance is the gate between you and your market, IT can't be the thing that stalls you.
SRA, LEXCEL and enterprise client security contracts are non-negotiable. We keep the evidence pack standing so you can win the work, not explain the gap.
Every Root.12 package is delivered under our outcome guarantee. Cyber Essentials and CE+ first time, or we fix it free. Full policy on the Packages page.
Real words from real operations people
Anyone can write polished website copy. These quotes are from operational people - the ones living with day-to-day IT, security and continuity. They reflect what matters when the systems matter.
"Support Tree made compliance tangible. We went from guessing to knowing - and that gave our board the assurance they'd been asking for."
Operations lead
London Insurance Firm
"Root.12 gave us the evidence we needed to win enterprise deals. The security questionnaires stopped being a three-week scramble."
Head of operations
FCA-regulated wealth manager
"They understood our world from day one. When the DORA conversation started, we already had the answers."
COO
Manchester Fintech
"The quarterly Root.12 review is the one management report I actually look forward to. Every number means something."
Finance director
London Medtech
At Support Tree, we’re proud to deliver secure, dependable, and proactive IT services to London’s leading businesses.
These verified Google Reviews reflect the trust our clients place in us to keep their systems running smoothly, their data protected, and their teams productive.
Questions sensible businesses ask
before changing IT provider
These are the questions we hear most often from regulated firms, professional services teams and growing businesses that want stronger IT without adding chaos.
Compliance IT support is managed IT built around the standards your regulators, investors and enterprise buyers actually test against - not just uptime and a helpdesk. It means your cyber controls, Microsoft 365 configuration, backup strategy, device policy and access management are all designed and maintained to satisfy Cyber Essentials, Cyber Essentials Plus, ISO 27001, FCA SYSC, DORA, SOC 2 and similar frameworks.
Standard managed IT keeps you working. Compliance IT support keeps you provable. At Support Tree, every client is scored quarterly against our Root.12 framework so you always have the evidence pack ready when an audit, insurance renewal or enterprise security questionnaire lands.
Generic health checks tell you if your IT is working. Root.12 tells you whether you'd pass an audit. We score 12 control areas against real regulated standards (FCA SYSC, SRA, ISO 27001, Cyber Essentials, SOC 2, DORA). Not an internal checklist. You get a written report, a closure plan, and a guarantee backing it.
We work with companies that care about their security and want ongoing proof of it. In practice that's firms whose insurer, clients or regulator are asking the question - typically PE/VC, wealth management, fintech, accountancy, MedTech and law firms. If nobody's asking, we're likely not the right fit. If somebody is, we are.
Cyber Essentials is a baseline security certification based on self-assessment. Cyber Essentials Plus adds vulnerability assessments and hands-on testing by an auditor. Independent evidence that attackers can't break in. For regulated firms and enterprise sellers, Plus is the expected standard. We deliver and maintain whichever your buyers and regulators require.
Yes. We often work with an internal resource, where we work together to provide strategic security direction and support.
It depends on your size, your sector and the depth of evidence you need. A typical Root.12 managed IT service for a 25-30 user London business sits in the £2,400-£4,300 per month range, which buys you a proactive service provider that owns the outcome, not just the helpdesk. A discovery call gets you a precise figure within 48 hours.
Foundations onward starts at £750 / month. The minimum spend reflects the cost of delivering the framework properly, not just answering tickets. We won't quote until we've seen the productivity and security pressures your team actually feels.
We would rather say this now than waste your time on a call.
- Firms whose only criterion is the lowest possible monthly cost.
- Firms where compliance, client DDQs and cyber insurance simply are not on the radar.
- Firms that cannot commit to the minimum spend yet.
- Firms that want ad-hoc IT without a framework behind it.
Foundations onward starts at £750 / month. Launch is by application, for funded scaling start-ups.
Ready to see where your IT actually stands?
Book your free discovery call. 30 minutes. We'll map your current stack, your inspectors, and your top three exposures. You leave with a written view - whether you hire us or not.
We onboard a small number of new clients each quarter. Book a discovery call to see if we're a fit.