The challenge
FreshWave, a connectivity infrastructure provider, was targeting public sector work where ISO 27001 and Cyber Essentials Plus are frequently the price of entry. The business needed to achieve both certifications credibly, and to embed the security practices behind them so they would survive an audit and a renewal cycle.
What we did
vCISO leadership gave FreshWave a single accountable owner for the certification programme: assessing gaps against both standards, building the management system around how the business actually works, and preparing the team for assessment. The wider specialist team handled the deep technical verification work as it arose.
The outcome
FreshWave achieved ISO 27001 and Cyber Essentials Plus, and the certifications did commercial work from day one, directly supporting new public sector contract wins. Security spend became revenue enabling, which is exactly how it should be.