Clients, Partners & the Supply Chain

Our valued clients, end clients, partners and suppliers include HMG Departments and their Supply Chains

darker blue fave london .png
London Reflections



To play, press and hold the enter key. To stop, release the enter key.



2004 - 2021


Evidence of Compliance

We are a major UK Government supplier. I need to provide evidence of compliance with our contract and the Schedules including 2.4,  following a partner organisation's widely-publicised breach. 

Breach of Contract

Contractual clauses

Our largest client has advised us we are in breach of contract due to a lack of evidence of compliance with contractual cyber security requirements. I need a review of our contractual obligations.

Supply Chain Lead

Review and assessment

I'm accountable for security in our supply chain. I need a trusted expert to lead a complex programme to determine the current level of risk from our suppliers' level of security compliance including Cyber Essentials controls, NCSC's 10 Steps and ISO27001



I'm accountable for our cyber security and data protection risks. I'm aware we have achieved ISO27001 certification but a potential client has questioned the scope of our SOA and GDPR compliance. I need a trusted review of our current position.

Global Risk Owner

Serious incident

I've been summoned to our HQ following a serious incident. I need a trusted expert to help me understand the potential consequences of what happened, what should have prevented it, what risk mitigation we have in place today and what changes we can implement relatively quickly.

Cyber Risk Owner 


I'm now responsible for cyber security in our department. I need to understand what we should be doing (mandatory requirements) and who should be doing it (roles and responsibilities). 


Supply Chain Securiy

One of our suppliers has advised us of a  recent security incident. I need someone to liaise with all key stakeholders in the supply chain, lead the investigation at a senior executive level and explain to me what has happened, what the potential impact is and what our options are going forward.

Investigation Owner

Internal investigation

I'm responsible for cyber security risk for our department. A member of staff recently reported an internal security breach to me and I need assistance from a trusted expert. We may need to report the incident to the police and initiate legal proceedings.

Accountable & Liable

Compliance and investigation

I've been advised a member of staff is responsible for a breach of security which must be reported to our Government client, the ICO and potentially law enforcement. I need a second opinion. 



Lockcode's CEO and Founder, Samantha, started her specialist infosec career as a Research Scientist for the UK Defence and Evaluation Research Agency (DERA) over 21 years ago, and has over 38 years’ experience in science, technology and engineering.

Samantha Sanderson

BSc (Hons), LCCP, MIET



Sam has provided specialist technical security consultancy and coaching services to Government departments and their supply chains in the defence, intelligence, central government, law enforcement and the regulatory environment. She also provides specialist coaching and mentoring services for existing and aspiring information and cyber security leaders. 


She has achieved specialist HMG security certifications during her infosec career including CESG (formerly part of GCHQ) Listed Advisor Scheme (CLAS) and is one of the few National Cyber Security Centre (NCSC) Certified Professional Security and Information Risk Advisors (SIRA) at the Lead level.



In 2015 and 2016 Samantha delivered the HMG-funded role of Cyber Security Small Business Champion, delivered through techUK, addressing the barriers faced by small cyber security businesses in the supply chain.


Through her company, Lockcode, Samantha also authors online  NCSC Certified Training  courses and packages, designed to help busy executives understand and tackle the challenges of cyber security leadership and governance. 



She is also the founder of  South East Cyber  (SECyber), a not-for-profit organisation providing free cyber security training, education and awareness workshops to SME business leaders in the South East of England. SeCyber speakers and advisors have included DCMS and other Government departments, techUK, Surrey and Sussex Cyber Crime Unit, South East Regional Organised Crime Unit, Cyber Security Challenge, Barclays Bank, Knowledge Transfer Network, investors and industry.

NCSC Certified Training

Screenshot 2019-09-05 at 12.20.46.png

NCSC Certified Training

Introduction to Cyber Security Leadership and Governance

Digital social media

NCSC Certified Training

The Cyber Threat to UK Businesses

Image by Goh Rhy Yan

NCSC Certified Training

Risky Business: Managing your Information Risk