Compliance services

TSA compliance support from CyPro

This site is run by CyPro, the UK cyber security consultancy, and this is the page where the explaining stops and the help starts: gap analysis, remediation delivery and ongoing compliance for telecoms providers and their suppliers, scoped to your tier and priced to your estate.

The engagement

Six phases, from gap to evidence

The same methodology CyPro runs for its TSA compliance clients, led by practitioners who have built security functions inside regulated organisations.

3D illustration of a Telecoms Security Act gap analysis

Gap analysis

Your estate assessed against the duties and the code measures that apply to your tier: what exists, what is partial, what is missing, and what evidence would survive an Ofcom information notice.

3D illustration of TSA remediation planning aligned to the waves

Remediation planning

Findings sequenced into a delivery plan aligned to the waves: quick wins first, the long-lead builds (PAM, PAWs, monitoring) started early, costs phased sensibly.

3D illustration of security policy and board-level governance

Policy and governance

Security policies, board-level risk ownership and the accountability structure the Act expects, written for your organisation rather than copied from a template.

3D illustration of hands-on technical implementation of TSA controls

Technical implementation

Hands-on delivery of the controls: privileged access, monitoring architecture, signalling protection, supply chain controls, drawing on CyPro's engineers and the wider team.

3D illustration of training and competency development

People and competency

Training and competency development mapped to the code's expectations, so the capability survives staff turnover and audit questions.

3D illustration of ongoing compliance monitoring and evidence capture

Ongoing compliance

Continuous monitoring of your position as waves land and the code evolves, with evidence captured as you operate rather than reconstructed under pressure.

Honest pricing

What drives the cost

Compliance programmes in this space are scoped, not price-listed, because the four factors below move the number more than anything on a rate card. The discovery call gives you a firm scoped quote, free, and the government's own revised-code impact estimates (£1.9m to £3.2m one-off per affected provider) are a useful anchor for what DIY at Tier 2 scale really involves.

Get your custom quote
3D illustration of tier and scope driving compliance programme cost

Your tier and scope

A Tier 2 operator with national infrastructure and a Tier 3 supplier facing flow-down clauses need very different programmes.

3D illustration of estate size and legacy equipment as cost drivers

Estate and legacy

Network size, virtualisation maturity and how much end-of-support equipment needs replacing or exit-planning.

3D illustration of existing security capability reducing programme cost

What you already have

Existing PAM, monitoring and governance shrink the programme. The gap analysis gives credit for everything that genuinely works.

3D illustration of timeline pressure and compressed delivery costs

Timeline pressure

Starting a March 2027 build in 2026 is a planned programme. Starting it in late 2026 is a compressed one, and compression costs more.

Quick answers

Working with CyPro

How much does TSA compliance support cost?

It is scoped to your tier, estate and starting point, so we quote per engagement rather than publishing a price list. For context on the scale of the wider challenge: the government's own impact estimates for the 2026 revised code put one-off costs at £1.9 million to £3.2 million per affected provider, with £285,000 to £445,000 a year ongoing. Specialist support exists to make sure your version of that spend lands on the measures that matter, in the right order.

How do we demonstrate compliance to Ofcom?

With evidence: records of risk assessments, implemented measures mapped to the code, test results, governance minutes and the ability to answer information notices without a scramble. Our engagements capture that evidence as the work is delivered, because reconstructing it later is the expensive way.

Can you run the ongoing monitoring the code requires?

Yes. The 24/7 monitoring, SIEM and threat hunting capability the March 2027 wave expects is exactly what CyPro's managed detection and response service provides, delivered by UK analysts. It slots into a compliance programme as the operational layer, with the compliance evidence generated as a by-product of running it.

The 24/7 MDR service

Proof over promises: see the case studies.

3D rocket illustration for booking a free TSA discovery call

Scoped in one call

Get a firm quote for your compliance programme

A free 45 minute discovery call establishes your tier, your gaps and your sequencing, and ends with a scoped proposal. No obligation.