The starting point
FreshWave’s growth strategy pointed at public sector procurement, where two assurances dominate tender checklists: ISO 27001 and Cyber Essentials Plus. For a connectivity infrastructure company, a certificate that did not reflect real operations would be worse than none, because surveillance audits and renewal cycles expose the gap in front of the very buyers it was meant to win.
The approach
A single senior CyPro practitioner carried the programme. One gap assessment covered both standards, the ISMS was designed around FreshWave’s genuine ways of working rather than a purchased template, and the team rehearsed the questions certification auditors actually ask. Where remediation needed deep technical hands, engineers and penetration testers from CyPro’s wider bench stepped in without handover friction.
The outcome
Both assessments passed, and the commercial return arrived quickly: new public sector contracts cite the certifications directly. Underneath the certificates sit practices the business sustains as routine, which is why each surveillance audit since has confirmed the system rather than challenged it.