The situation
Public sector procurement was where FreshWave wanted to grow, and public sector buyers ask two questions early: do you hold ISO 27001, and do you hold Cyber Essentials Plus? For a connectivity infrastructure business, the certificates had to be more than a badge. They needed to describe how the company genuinely operates, or the first audit renewal would expose the gap.
How the CyPro team approached it
A senior CyPro practitioner took single-owner accountability for the whole programme. Both standards were gap-assessed together, the management system was shaped around FreshWave’s real processes rather than a template, and the team was coached through what assessors would actually probe. Where the work needed deep technical hands, penetration testers and engineers from the wider CyPro bench picked it up.
What changed
FreshWave passed both assessments, and the commercial effect was immediate: new public sector contracts cite the certifications that unlocked them. Security moved from a cost line to part of the sales story, and the practices underneath the certificates are ones the business can sustain through every renewal cycle.