Why certification mattered
FreshWave’s growth plan ran through public sector procurement, and two certificates come up in almost every such tender: ISO 27001 and Cyber Essentials Plus. A connectivity infrastructure company cannot treat either as decoration. If the controls behind the certificates do not match how the business really runs, the gap surfaces at the first renewal, in front of the customers the certificates were meant to win.
What CyPro did
One senior practitioner carried accountability for the entire programme. The gap assessment covered both standards in a single pass, the management system was built around FreshWave’s actual ways of working instead of a bought-in template, and the team rehearsed the questions assessors genuinely ask. When remediation needed specialist hands, engineers and penetration testers from the wider CyPro bench stepped in without a handover tax.
The result
Both assessments passed, and the certificates started paying for themselves almost immediately: new public sector contracts cite them directly. Just as importantly, the controls underneath are sustainable, so each annual Cyber Essentials Plus cycle and ISO surveillance audit confirms the same practices rather than triggering a scramble.