The client
FreshWave builds and operates connectivity infrastructure: precisely the kind of business the UK’s telecoms security regime exists to protect. In this world, security cannot live in a policy folder. Buyers, auditors and regulators all expect to see it working, and each of them asks for proof in a different way.
The engagement
CyPro was brought in to take the security management programme from ambition to evidence. One senior practitioner owned it end to end, assessing FreshWave against ISO 27001 and Cyber Essentials Plus in a single pass, building the information security management system around how the company actually delivers infrastructure, and drawing on CyPro’s testers and engineers wherever the work turned technical. The explicit goal: practices the business would still be running, and still able to evidence, at every future renewal and review.
The result
Both certifications were achieved, and the commercial return arrived quickly through new public sector work where those credentials are the entry ticket. More durably, FreshWave now operates security it can demonstrate on demand: the discipline that certification audits test, and the same discipline that telecoms security regulation increasingly expects of every provider and supplier in the chain.