Information Security Best Practice: what to look for when choosing a consultancy partner
Information Security Best Practice: what to look for when choosing a consultancy partner
Your business takes its cyber and information security obligations seriously. But can the same be said of your partners? When appraising potential consultants and service providers, these are the trust indicators to look for.
Avoiding exposure: What makes a technology consultancy a potential infosec weak point?
What attributes do you look for when choosing a consultant to work with? Inside-out knowledge is a must-have. So, too, is responsiveness; you need a partner who ‘gets’ what you need and will work with you to deliver it. And especially when it comes to digital transformation, most decision-makers also want to see clear evidence of program success: “This is a significant move for our company, so can this consultancy actually deliver what we are aiming to achieve?”.
Alongside this, information security is a further area you need to look closely at. With any technological consultancy arrangement, there is an element of handing over the keys to the kingdom or, at the very least, a back-and-forth flow of some sensitive information. Depending on the project, your partner will need detailed information about – and often, direct access to – critical systems, processes, and data.
Threat actors are all too aware of this. They know that when they successfully infiltrate a professional services provider, IT consultancy, or software implementation partner, it potentially opens a rich treasure trove, exposing sensitive data relating to each and every one of their target’s clients.
According to Security Magazine, third-party attack vectors are responsible for 29% of all breaches. Three quarters of these third-party breaches are linked to software products and technological services.
An estimated 60% of organisations use cyber security risk as a key factor when determining transactions and business engagements with third parties, which suggests that a significant minority may be failing to give it proper thought. When it comes to technology projects and process transformation, this risk needs to be on the radar of every business.
So how can you tell if a particular consultancy takes cyber risks and information security seriously? Here are the areas to focus on…
They Have the Right Accreditations
To understand your business, your consultant will need to see items such as your business process maps, details of internal procedures, information on existing system priorities and vulnerabilities, and more general information linked to your future and growth strategies. Once the project is underway, they may need to move or process segments of your data across multiple locations or export it for analysis or testing. Obviously, you do not want this to fall into the wrong hands.
Look for consultancies that have been independently verified as having what it takes to keep your information safe. Probably the single most valuable trust indicator here is ISO 27001. If your consultant has an up-to-date ISO 27001 certification, it shows they have an effective ISMS (information security management system) in place. This means the following:
- The consultancy has identified the risks to which its information assets – and clients – are exposed.
- It has appropriate measures (i.e., controls) to protect those assets.
- It has a clear action plan in case of an information security breach.
- It adheres to clear accountability and auditability principles: i.e. you know exactly who the individuals responsible are for each step of the information security process.
They Embrace Security by Design
Security by Design (SbD) means that security is considered an integral part of a project at the beginning rather than being layered in later as an afterthought. It means that appropriate security measures are hardwired into new systems or processes at the outset, helping you avoid costly-post-deployment security fixes.
You can learn a lot about whether a particular consultancy takes SbD seriously by the questions they ask you as part of any initial needs appraisal process. The main point of this is to establish how you operate, what you want to achieve, and what needs to be done to help you reach your goals. At the same time, however, an SbD-focused consultant should also explore areas such as the nature and sensitivity of the data you hold, who need access to it, and details of any specific regulatory frameworks that apply to your business. Right from this early encounter, a consultant should consider the information security risks your business faces and factor them into their proposals and recommendations.
They Maintain Appropriate Safeguards
It’s easy for a business to claim that they prioritise information security. The proof is in the action they take. If a consultancy takes its responsibilities seriously, you should expect to see the following types of safeguards in place:
- The consultancy has an information security policy in place
- Regular security audits and risk assessments are carried out
- They follow a recognised information security framework (e.g. ISO 27001). They have up-to-date accreditation to demonstrate this
- There are clear measures in place to protect client data, including encryption for data at rest and in transit, access controls, and secure storage
- Special care is taken with personally identifiable information (PII) and other categories of sensitive data. This includes GDPR compliance
- If they need to do system or application testing using PII, this is anonymized or pseudonymized beforehand
- Access to client systems and data is closely managed. This includes the application of the principle of least privilege (PoLP)
- Auditability is taken seriously: they can track and log consultant access to client environments
- Care is taken to revoke access after project completion
- Appropriate DevSecOps practices are followed for software implementations
- Incident response and disaster recovery plans are both in place and verifiable. This includes clear procedures for notifying clients in the event of an information security breach
Millennium Consulting: De-Risking Your Business Transformation Journey
Reputation counts for a lot when it comes to information security. The same goes for longevity.
In its 30-plus years of operating, Millennium Consulting has delivered significant business transformation projects for hundreds of organisations, including businesses in some of the most tightly regulated sectors out there.
Our approach to information security is a big part of our success and longevity. Far from being an afterthought, cyber and infosec best practices are hardwired into everything we do.
To discover more about de-risking and successfully transforming your business, speak to us today.
Millennium Consulting Awarded ISO27001 & ISO9001 Certification
January 2025
Updating and re-validation of our ISO 9001 & 27001 certification to the globally recognised UK Government UKAS standard. The ISO 27001 certification now aligns with the latest ISO 27001:2022 standard.
Financials Focus: Year End Process Recording
Millennium Consulting Webinar Series
Financials Focus: Year End Process
Recording from Thursday 30th January 2025
This session covered:
- What is a year end process in Unit4 Financials by Coda
- Pre-requisites to a year end
- Provisional year end
- Undo year end
Phil Leaf
Principal Unit4 Functional Consultant at Millennium Consulting
Phil is one of the world’s leading experts in the use of Unit4 Financials, with over 25 years of experience providing strategic advice, project management, implementation, and migration services for clients across the globe.
Xledger Partnership Announcement
February 2025
Millennium Consulting is delighted to announce it has signed a Partnership Agreement with accounting and financial management software company Xledger.
Xledger is a cloud-based finance software designed to automate financial processes, provide real-time insights, and scale with growing businesses.
“We are excited to announce the Millennium and Xledger alliance, a partnership that combines the strength of our companies. This collaboration will leverage Millennium’s expertise and customer-centric capabilities to expand our customer portfolio while sharing 30 years of industry best practices with a broader client base. Together, we are poised to deliver innovative solutions that drive success for our clients.”
— Jeremy Lucas, COO, Millennium Consulting
Xledger offers a comprehensive cloud-based ERP solution that streamlines financial management, automating key accounting, budgeting, and reporting processes. Its multi-entity, multi-currency, and real-time capabilities empower businesses to enhance efficiency, gain valuable insights, and drive growth.
“We are thrilled to be working with Millennium Consulting, our accounting software and their expertise in the market will support so many businesses going through finance transformation. Alongside our company cultures naturally aligning, our joint passion for innovative technology, expert advice and supporting businesses to thrive is the making for a great partnership.”
— Phil Chalmers, Strategic Partner Manager, Xledger UK
About Xledger
Xledger is one of the most automated and unified ERP systems on the market, designed to streamline financial management and enhance business performance. With five offices globally, Xledger empowers tens of thousands of customers worldwide, delivering real-time reporting, automation, and seamless multi-entity, multi-currency capabilities across industries.
About Millennium Consulting
Millennium Consulting is a trusted partner in delivering tailored technology solutions to businesses, backed by 30 years of finance and ERP implementation expertise. With a focus on customer-centric service and industry best practices, Millennium empowers clients to optimise operations and achieve long-term success.
Millennium Consulting Awarded ISO27001 & ISO9001 Certification
December 2025
Confirmation of our re-certification for another 3 year period through to 2029, subject to annual assessments.
Updated and re-validation in January 2025
Updating and re-validation of our ISO 9001 & 27001 certification to the globally recognised UK Government UKAS standard. The ISO 27001 certification now aligns with the latest ISO 27001:2022 standard.
Updated and re-validation in January 2024
Updating and re-validation of our ISO 9001 & 27001 certification to the globally recognised UK Government UKAS standard.
Updated and re-validation in January 2023
Updating and re-validation of our ISO 9001 & 27001 certification to the globally recognised UK Government UKAS standard.
December 2021
Millennium Consulting passed another ISO 27001 & 9001 audit with flying colours!
In December 2021 the highly successful recertification process was completed with no nonconformities identified in the audit. With special thanks to Mike Deal and Andre Peter for ensuring that we continue to conform to ISO standards internally and externally.
February 2021
Millennium is proud to announce that during December 2020 we obtained ISO27001 & ISO9001 certification.
While adhering to ISO guidelines in recent years, in 2020 the decision was made to formalise this via accreditation. After an intensive 9 month period, we are delighted to announce that this goal has been accomplished.
By gaining ISO 27001 & 9001 certification, we continue to demonstrate our commitment to providing quality service, effective cost management and timely delivery to our customers while at the same time anticipating their demands. In future we will continue to review our management systems, policies and information security management processes to achieve our ongoing objective of providing the highest quality service to our clients. Finally, to maintain our ISO status, we will continue to invest in technology, development and processes so we can best serve you, our customers.
Millennium Consulting Named Sales Growth Partner of the Year by Unit4
January 2025
We are thrilled to announce that Millennium Consulting has been awarded ‘Sales Growth Partner of the Year' by Unit4
This recognition, presented at the Unit4 SKO conference in Amsterdam, celebrates our exceptional growth and the strength of our long-standing partnership with Unit4.
"We are delighted to be named Sales Growth Partner of the Year by Unit4. This award is a testament to our strong collaboration with Unit4 and our shared commitment to delivering exceptional ROI to our customers.”
— Jeremy Lucas, COO
This achievement reflects our teams’ dedication, expertise, and collaborative efforts. It also reinforces our unwavering commitment to fostering innovation and delivering outstanding results for our clients.
Why choose Millennium for Unit4?
We are an Elite Unit4 Partner with over a decade of experience working with Unit4 systems. That means we have the knowledge and expertise to design, implement and support the right Unit4 solution for your business. We also make it easy to extend your system, providing additional applications that allow you to augment and tailor your solution to meet your needs.
Millennium Consulting awarded four Unit4 Partner Awards
January 2025
Millennium Consulting awarded four Unit4 Partner Awards
We are pleased to share that Unit4 has awarded Millennium Consulting four partner awards: Elite Commercial Partner, Elite Financials Services Partner, Select ERP Services Partner, and Select FP&A Services Partner.
Millennium Consulting has proudly upheld its Elite Partner status with Unit4 since the launch of the global partner program in 2020. The program is structured across three levels, emphasising capabilities, contributions, and customer satisfaction. Elite Partners represent the highest tier, awarded to those who consistently demonstrate exceptional success with Unit4 and deliver outstanding results for shared customers.
“Our long-standing Elite Partner status with Unit4 is a testament to the dedication and expertise of our team across all regions we operate in. This recognition reflects our unwavering commitment to fostering a strong, collaborative relationship with Unit4 while consistently delivering exceptional results for our clients. We are proud to maintain this standard of excellence and look forward to continuing our successful partnership with Unit4.”
— Jeremy Lucas, Chief Operating Officer at Millennium Consulting
Why choose Millennium Consulting?
We are an Elite Unit4 Partner with over a decade of experience working with Unit4 systems. That means we have the knowledge and expertise to design, implement and support the right Unit4 solution for your business. We also make it easy to extend your system, providing additional applications that allow you to augment and tailor your solution to meet your needs.
Events
Nothing found.
Millennium+ for Unit4 ERP and ERPx
for Unit4 ERP and ERPx
Achieving long-term success with your Unit4 system requires more than generic support. In this blog post, Chris Peall, Director of Professional Services at Millennium Consulting explains how Millennium+ is a flexible, cost-effective framework that allows you to access precisely what your business needs to gain maximum advantage from your Unit4 solution.
Find out more
Get in touch to learn more about Millennium+ and explore putting together a cost-effective package that is fully aligned with your needs.
(Article written and published January 2025)
Financials User Group: Technical Accounting
Financials User Group
This event is only open to the Unit4 Financials User Group members. To find out how to join the User Group, please click the button below.
Technical Accounting Workshop
Presented by Millennium Consulting
Join the Financials User Group workshop on Technical Accounting.
Thursday 10th July 2025
Agenda:
- Intercompany
a. Destinations
b. Receivers
c. Forwarding
- Allocations
a. Standard
b. Intercompany
- Currencies & Revaluation
This event is only open to the Unit4 Financials User Group members. To find out how to join the User Group and attend this event, please click the button below.
Presented by
Phil Leaf
Principal Unit4 Functional Consultant at Millennium Consulting
Cloud ERP has gone mainstream
Cloud ERP has gone mainstream
Cloud ERP (Enterprise Resource Planning) is now mainstream thanks to its ability to address modern business challenges by providing scalability, flexibility and cost-effectiveness.
Unlike traditional on-prem ERP systems, cloud ERP eliminates the need for substantial hardware and infrastructure investment and pay-as-you-go pricing makes ERP accessible to businesses of all sizes.
Cloud ERP can scale up or down based on business needs, accommodating growth or seasonal fluctuations and employees can access the platform from anywhere, enabling remote work and global collaboration. It can be deployed much faster than traditional solutions, which reduces time to value and ERP providers manage software upgrades, ensuring businesses always have access to the latest features and security enhancements.
Cloud ERP is designed to integrate easily with other cloud-based applications, providing a unified technology stack so that businesses benefit from real-time insights and analytics, enhancing decision-making capabilities. Cloud providers also invest heavily in cybersecurity, often providing more rigorous protection than on-premise systems and leading providers will also ensure adherence to global and industry-specific compliance standards.
The shift to hybrid and remote working models has accelerated the need for cloud ERP systems, which provide access from any device with an internet connection. Cloud ERP supports rapid changes in business operations, making it ideal for companies that operate in dynamic fast moving industries. Cloud ERP providers embed advanced technologies such as AI, ML and predictive analytics, enabling intelligent automation and improved processes. Seamless integration with IoT devices enhances real-time operational monitoring and decision-making.
Cloud-based systems reduce the need for energy-intensive on-premise data centres, aligning with environmental sustainability initiatives. The combination of cost efficiency, adaptability and technological advancement makes cloud an attractive choice for businesses aiming to remain competitive in a fast-paced, digital-first world.
Isn’t it time you considered migrating to the Cloud?
To explore how you can make the Cloud a reality, speak with Millennium Consulting and we can share with you the benefit of our experience working with many of the world’s leading organisations on their Cloud journeys.
Unit4 Release Schedules 2025
Unit4 Release Schedules 2025
Unit4 Financial Planning & Analysis Release Schedule 2025
Please find below the preliminary release schedule of FP&A 2025
| 2025 | Non-production (Preview & Acceptance) | Production |
| Q1 | 18th March | 26th/27th April |
| Q2 | 17th June | 19th/20th July |
| Q3 | 16th September | 25th/26th October |
| Q4 | 9th December | 24th/25th January |
- Data Centre: SaaS Azure
- Product: U4FPA
- Deployment option: Shared, Dedicated
- Environment types: Preview, Acceptance, Production
Please note that this is a preliminary schedule and is subject to change.
ERR CR Release Schedule 2025
Please find below the preliminary release schedule of ERP CR 2025
| 2025 | Preview | Acceptance | Production |
| Q1 | 24th March | 21st April | 25th/26th May |
| Q3 | 22nd September | 27th October | 22nd / 23rd November |
- Regions: Worldwide
- Products: ERP CR
- Data Centre: SaaS Azure
- Deployment option: Shared, Dedicated
- Environment types: Preview, Acceptance, Production
| 2025 | Non-production (Preview & Acceptance) | Production |
| Q1 | 24th March | 26th May |
| Q3 | 22nd September | 24th November |
- Regions: Nordics
- Products: ERP CR
- Data Centre: Nordics
- Deployment option: Public, Dedicated
- Environment types: Preview, Acceptance, Production
Please note that this is a preliminary schedule and is subject to change.
A detailed overview of the release scope and hourly schedule will be published after the official Release announcement on Community4U.
Unit4 Financials by Coda Continuous Release
Please find below the preliminary release schedule of Unit4 Financials by Coda 2025
| 2025 | Preview | Acceptance | Production |
| Q1 | 18th March (R1)
22nd/23rd April (R2) |
25th March (R1)
7th/8th May (R2) |
24th/25th May |
| Q2 | 17th June | 24th June | 19th/20th July |
| Q3 | 16th September | 23rd September | 25th/26th October |
| Q4 | 9th December | 16th December | 24th/25th January |
- Data Centre: SaaS Azure
- Product: U4F
- Deployment option: Shared, Dedicated
- Environment types: Preview, Acceptance, Production
Please note that this is a preliminary schedule and is subject to change.
Unit4 ERPx Release Schedule 2025
Please find below the preliminary release schedule of ERPx 2025
| 2025 | Non-production (Preview & Acceptance) | Production |
| Q1 | 17th March from 5.00 am to 5:00 pm UTC – United States/Australia/ Norway
18th March from 05.00 am to 5:00 pm UTC – Europe/United Kingdom/ Canada |
26th April from 5:00 pm to 27th April 05.00 am UTC – all regions |
| Q2 | 16th June from 05.00 am to 5:00 pm UTC – United States/ Australia/ Norway
17th June from 05:00 am to 5:00 pm UTC – Europe/United Kingdom/ Canada
|
19th July from 5.00 pm to 20th July 5.00 am UTC – all regions |
| Q3 | 15th September from 5.00 am to 5.00 pm UTC – United States/Australia/ Norway
16th September from 05:00 am to 5:00 pm UTC – Europe/United Kingdom/ Canada
|
18th October from 5.00 pm to 20th July 5.00 am UTC – all regions |
| Q4 | To be updated | To be updated |
Please note that this is a preliminary schedule and is subject to change.
Source-to-Contract Release Schedule 2025
Please find below the preliminary release schedule of Source-to-Contract 2025
| 2025 | Non-production (Preview) | Acceptance | Status |
| Q1 | 12th March | 16th March | Planned |
| Q2 | 11th June | 15th June | Planned |
| Q3 | 10th September | 14d September | Planned |
| Q4 | 3rd December | 7th December | Planned |
- Regions: EU, Australia, Singapore
- Products: Source-to-Contract
- Data Centre: Amazon Web Services and Google Cloud Platform
- Deployment option: Shared
- Environment types: Non-production (Preview) & Production
Please note that this is a preliminary schedule and is subject to change.
Why choose Millennium for Unit4?
As an Elite Unit4 Partner with over three decades of experience in Change Management, we bring expertise in designing, implementing, and supporting the right Unit4 solution for your business. Unlock the full potential of your Unit4 solution by partnering with Millennium – your trusted transformation partner.