Securing RMI's Digital Frontiers

Remote Medical International now operates as a multimillion-dollar global company providing customers with medical support services, supplies, and much more

Book free call with our team

these businesses trust in benchmarked to stay secure, compliant, and in control

Successful Certification

RMI achieved Cyber Essentials Plus, meeting NHS procurement requirements.

Security Maturity

Established a clear cybersecurity governance structure and improved risk mitigation protocols

Compliance Readiness

Built scalable compliance practices applicable to other frameworks like ISO 27001

How we uncovered critical gaps at RMI

Remote Medical International (RMI) is a provider of comprehensive medical and safety services for complex and remote environments. With a presence across the UK and the US, RMI supports government contracts, NGOs, and commercial clients by ensuring the health and cybersecurity of deployed teams.

The Problem #1

International and remote organization complexities

RMI needed to obtain Cyber Essentials Plus certification to meet stringent security requirements for government contracts—specifically with the NHS Countess of Chester Trust—while also elevating its internal cyber posture. The goal was twofold: gain compliance and improve real-world cyber resilience across a globally distributed workforce.

Key Issues Identified

  • Incomplete security policy documentation (e.g., risk management, removable media, backups).
  • Gaps in monitoring, patching, and administrative access protocols.
  • Gaps in cybersecurity; outdated antivirus system, no XDR in place, no DLP system in place.
  • Need for formal training programs and role-based access policies.
  • A mix of cloud services and BYOD devices that increased the complexity of scope.

Book a call

The Real Problem

Everything on the line...

Together, these issues made RMI vulnerable:

  • Data breaches and reputational damage

  • Regulatory non-compliance 

  • Loss of big clients, tender participation, reputation

  • Internal misuse and external hijacking of privileged accounts

Book a call

The Solution

Gap Analysis and review

Benchmarked provided a comprehensive Cyber Essentials Plus readiness service, structured in three phases:

Cyber Gap Analysis & Policy Overhaul

We conducted a detailed comparison between RMI’s existing cybersecurity controls and the Cyber Essentials Plus framework :

  • Documentation & Policy Mapping: Created or revised over 20 cybersecurity policies including:
    • Risk Assessment and Vulnerability Management
    • Secure Configuration & Software Installation Control
    • Access Control and Privilege Management
    • Information Security Governance
  • Personnel & Awareness Measures: Defined roles and responsibilities, enforced security training, and formalized disciplinary procedures.

Book a free call

The Solution

Infrastructure hardening and implementation

Infrastructure Review & Hardening

A rigorous infrastructure assessment included:

  • Device and Network Inventory:
    • Reviewed 50+ end-user devices, with detailed OS versioning and configurations.
    • Documented all network equipment including firewalls (e.g., SonicWall TZ470), switches, and access points.
  • Cloud & SaaS Exposure Mapping:
    • Identified over 30 cloud services (e.g., Microsoft 365, Salesforce, AWS, Concur).
    • Reviewed shared responsibility models and vendor security commitments.
  • Endpoint Security Measures:
    • Enabled software firewalls and patching automation across all devices.
    • Implemented multi-factor authentication (MFA) and network IDS/IPS capabilities.

Assessment Preparation & Certification Support:

  • Prepared detailed Cyber Implementation Plan (CIP) addressing all “Not Met” controls.
  • Implemented all solutions and requirements
  • Ensured full coverage of remote and home-office workers.
  • Coordinated with IASME-accredited certification body for audit scheduling and remediation.

Book a call

The Results

What did Benchmarked actually do for RMI?

We delivered a full-service Cyber Essentials Plus readiness program. This included a deep-dive gap analysis, rewriting 20+ cybersecurity policies, hardening infrastructure (covering over 50 end-user devices and 30+ cloud services), full implementation of all CE+ requirements:

  1. Firewalls & Internet Gateways

    • Boundary and device firewalls must be configured to block untrusted access.

    • Only essential inbound/outbound ports should be open.

  2. Secure Configuration

    • Devices and software must be securely configured (e.g., disable unnecessary services, remove default accounts).

    • Admin privileges must be tightly controlled.

  3. User Access Control

    • User accounts must be assigned based on the principle of least privilege.

    • Admin accounts must be used only when necessary.

    • MFA is required for all cloud services.

  4. Malware Protection

    • Endpoint devices must have anti-malware tools (e.g., AV, application allowlisting, or sandboxing).

    • Only trusted software should be executable.

  5. Security Update Management

    • All software and firmware must be kept up to date.

    • High/critical updates must be applied within 14 days.

… and hands-on support through certification with IASME. Our work helped RMI meet NHS contract requirements and significantly mature their security posture.

Why was Cyber Essentials Plus important for RMI?

It was essential to maintain eligibility for government contracts—especially with the NHS Countess of Chester Trust. Beyond compliance, RMI needed to enhance protection for a globally distributed workforce using mixed devices (BYOD, corporate) and cloud platforms.

How did Benchmarked handle RMI’s remote and complex setup?

We mapped all in-scope systems—including home-office devices and international endpoints—and established controls like patch automation, MFA, and endpoint monitoring. We tailored the scope to reflect RMI’s operational model without creating unnecessary compliance friction. We also stepped in in fractional manner, but provided full service. This meant significant cost reduction for RMI.

What kind of policies did Benchmarked implement or revise?

Key policies included: Access Control, Risk Management, Secure Configuration, Incident Response, and BYOD Guidelines. All documents aligned with CE+ 3.1 requirements and were customized to RMI’s hybrid/cloud-first model. We also create asset registry list, and enabled real-time overview, which was previously not done, and partially done manually.

 

Today, RMI has all policies actually implemented, managed, maintained and automated.

What was the measurable outcome?

RMI successfully achieved Cyber Essentials Plus certification. Just as importantly, they now have clear governance, stronger infrastructure controls, and scalable practices for frameworks like ISO 27001.

Couldn’t RMI have achieved this certification on their own?

In theory, yes—but in practice, the depth of documentation, technical hardening, and audit prep required deep expertise and significant effort.

Our structured, accelerated approach avoided costly missteps and ensured success on the first attempt.

Isn’t Cyber Essentials just a checklist exercise?

That’s a common misconception. Cyber Essentials Plus involves technical audits, device testing, and validation of actual controls in place—not just paperwork. Achieving certification across RMI’s distributed, cloud-heavy environment was far more than ticking boxes.

What makes benchmarked’s approach different from others?

We go beyond minimum compliance. While others may offer templated policies or basic scans, we deliver tailored risk insights, real policy integration, infrastructure tuning, and stakeholder education. The result is certification plus long-term security value

Did this project really improve security, or just help pass an audit?

Both. The certification was the objective, but the process led to tangible improvements: tighter access controls, formalized governance, real-time patching, and centralized visibility. These improvements help protect RMI’s people, systems, and clients beyond the audit.

Is Cyber Essentials Plus enough to secure a business like RMI?

It’s a strong foundational framework, but not a silver bullet. However, with the added structure and controls we implemented, RMI is well-positioned to pursue more advanced standards like ISO 27001 or NIST CSF if needed.

COO's opinion

Working with Benchmarked was a game-changer for our cyber compliance journey.

They didn’t just help us tick boxes—they brought structure, clarity, and confidence to our entire approach. From policy overhauls to infrastructure hardening, their team guided us step-by-step through the complexities of Cyber Essentials Plus.

What stood out most was their ability to tailor everything to our operational reality: remote teams, global endpoints, mixed devices—it was all factored in. They were proactive, responsive, and genuinely invested in our success.

Thanks to Benchmarked, we didn’t just achieve certification—we strengthened our overall security posture and built a scalable foundation for future compliance frameworks.”

COO, Alex Jenzen

Remote Medical International (RMI)

Talk to our team

Why choose us

At benchmarked, we specialize in connecting; IT data, financial structure, and strategic impact. Our methodology bridges the gap between spreadsheets and executive decisions by:

We don’t just help you “pass the audit.”

We embed ourselves in your operations, implement the changes with you, and guide your team through what matters, what to prioritize, and where the trade-offs lie—so compliance actually improves your security, not just your paperwork.

Diving deep into cost structures, contracts, and utilization

Previously, RMI was paying over 50% more, for less quality service

Translating raw IT data into actionable business insights

IT cost optimization isn’t about cutting corners — it’s about making sure every dollar spent serves a purpose.

Case studies.
Hear what others have say.

Sidra Medicine

  • €12M annual savings in IT costs.
  • Strengthened compliance and governance.
  • Enhanced cybersecurity and data-driven insights for leadership.
‘’Many thanks Mat. Really appreciate your team’s hard work over the last few months. This has not been an easy task’’
Dr. S.Iyabo Tinubu-Karch, MD MHA

Chief Executive Officer, Sidra Medicine

Remote Medical International

  • ISO 27001 and CyberEssentials+ Certification
  • 45% > IT cost optimization
  • Enhanced resilience with optimized DR and backup strategies.
‘’These certifications are a testament to the hard work, dedication, and collaborative efforts’’
Claire Todd

QHSE Manager

EKWB

  • Complete visibility of IT assets.
  • Improved security with MFA and device management.
  • Optimized IT infrastructure and reduced complexity.
‘’Thank you Matt for your and team’s work!’’
Matic Susnik

Sales Director (B2B)

4.9

All chances are you'll impressed too.
Visit Clutch.com

5.0

Many thanks Mat. Really appreciate your team's hard work over the last few months. This has not been an easy task.

Dr. S.Iyabo Tinubu-Karch
CEO Sidra Medicine

4.5

RMI being ISO 27001 and 14001 certified. These certifications are a testament to the hard work, dedication, and collaborative efforts of everyone.

Claire Todd
QHSE Manager, RMI

4.3

Thank you for your outsdanding work without any setbacks.

Devid Palcic
CEO Robotina

Start Your Journey

We’re not just compliance auditors. We’re your IT transformation partner—helping you gain full visibility, reduce risk across people and systems, and turn security from a burden into a business enabler.

from

4.900 eur

Time is money. Save both. Book a Free Strategy Call With Our Experts.
Gap Analysis & Readiness Review
Policy Development & Documentation
Infrastructure Review & Hardening
Staff Training & Awareness
License & Vendor Optimization
Quick Wins (low-effort savings initiatives)
Book a Free Discovery Call
No lock-in. Fixed fee. Zero risk.