Compliance services
TSA compliance support from CyPro
This site is run by CyPro, the UK cyber security consultancy, and this is the page where the explaining stops and the help starts: gap analysis, remediation delivery and ongoing compliance for telecoms providers and their suppliers, scoped to your tier and priced to your estate.
The engagement
Six phases, from gap to evidence
The same methodology CyPro runs for its TSA compliance clients, led by practitioners who have built security functions inside regulated organisations.
Gap analysis
Your estate assessed against the duties and the code measures that apply to your tier: what exists, what is partial, what is missing, and what evidence would survive an Ofcom information notice.
Remediation planning
Findings sequenced into a delivery plan aligned to the waves: quick wins first, the long-lead builds (PAM, PAWs, monitoring) started early, costs phased sensibly.
Policy and governance
Security policies, board-level risk ownership and the accountability structure the Act expects, written for your organisation rather than copied from a template.
Technical implementation
Hands-on delivery of the controls: privileged access, monitoring architecture, signalling protection, supply chain controls, drawing on CyPro's engineers and the wider team.
People and competency
Training and competency development mapped to the code's expectations, so the capability survives staff turnover and audit questions.
Ongoing compliance
Continuous monitoring of your position as waves land and the code evolves, with evidence captured as you operate rather than reconstructed under pressure.
Honest pricing
What drives the cost
Compliance programmes in this space are scoped, not price-listed, because the four factors below move the number more than anything on a rate card. The discovery call gives you a firm scoped quote, free, and the government's own revised-code impact estimates (£1.9m to £3.2m one-off per affected provider) are a useful anchor for what DIY at Tier 2 scale really involves.
Get your custom quote
Your tier and scope
A Tier 2 operator with national infrastructure and a Tier 3 supplier facing flow-down clauses need very different programmes.
Estate and legacy
Network size, virtualisation maturity and how much end-of-support equipment needs replacing or exit-planning.
What you already have
Existing PAM, monitoring and governance shrink the programme. The gap analysis gives credit for everything that genuinely works.
Timeline pressure
Starting a March 2027 build in 2026 is a planned programme. Starting it in late 2026 is a compressed one, and compression costs more.
Quick answers
Working with CyPro
How much does TSA compliance support cost?
It is scoped to your tier, estate and starting point, so we quote per engagement rather than publishing a price list. For context on the scale of the wider challenge: the government's own impact estimates for the 2026 revised code put one-off costs at £1.9 million to £3.2 million per affected provider, with £285,000 to £445,000 a year ongoing. Specialist support exists to make sure your version of that spend lands on the measures that matter, in the right order.
How do we demonstrate compliance to Ofcom?
With evidence: records of risk assessments, implemented measures mapped to the code, test results, governance minutes and the ability to answer information notices without a scramble. Our engagements capture that evidence as the work is delivered, because reconstructing it later is the expensive way.
Can you run the ongoing monitoring the code requires?
Yes. The 24/7 monitoring, SIEM and threat hunting capability the March 2027 wave expects is exactly what CyPro's managed detection and response service provides, delivered by UK analysts. It slots into a compliance programme as the operational layer, with the compliance evidence generated as a by-product of running it.
Proof over promises: see the case studies.
Scoped in one call
Get a firm quote for your compliance programme
A free 45 minute discovery call establishes your tier, your gaps and your sequencing, and ends with a scoped proposal. No obligation.