Colchester Machine Tool Solutions came to us over two years ago looking to get certified for Cyber Essentials in both basic and plus. They found that this was becoming a much more pressing requirement after enquiries from customers and suppliers.
As their business grows, it has become a much more pressing requirement that they can demonstrate their commitment to cyber security, with certification to prove that they meet the requirements of the modern standard.
What did the process look like?
The certification process can often feel cumbersome and frustrating, especially for businesses going through it for the first time. It can be quite a shock to see how modern vulnerabilities manifest and just how widespread they are. Many companies still rely on specialist software or machinery that has known vulnerabilities—often unresolved due to outdated development or unsupported licensing models.
This has highlighted ongoing challenges with legacy systems, particularly those using perpetual licenses that no longer receive updates or support. We aim to simplify the process as much as possible for our clients. By conducting comprehensive network scans, we can quickly identify immediate issues from both internal and external perspectives.
Navigating the operational challenges of updating or removing legacy software isn’t easy. However, we approach each situation with a practical mindset, understanding the unique needs of each business and working closely with them to find workable solutions.
Over the course of several weeks, we maintain clear and consistent communication with our clients, keeping them informed of progress and outlining the necessary steps to achieve certification.
The basic assessment is relatively straightforward. It involves reviewing the business’s cybersecurity policies and procedures on paper. Often, just a few adjustments are needed to become compliant—and the process can be incredibly useful for identifying gaps that might otherwise go unnoticed.
The Plus assessment, on the other hand, is far more rigorous. It requires a hands-on demonstration of the security practices outlined in the basic assessment, and the criteria are much stricter. It’s a significant step up, but with the right preparation and support, it’s achievable and should be aimed for.
Challenges
One of the biggest challenges in achieving certification is understanding the specific requirements of each customer and making necessary adjustments to their systems—without disrupting daily operations.
In this case, we already had an established and trusted relationship with Colchester Machine Tool Solutions, which gave us valuable insight into how their business operates. This allowed us to ensure that any changes we made would not compromise the effectiveness or continuity of their work.
Working under tight deadlines added pressure, but we remained focused on meeting all requirements within the timeframe—while maintaining business-as-usual for the customer. As always, we delivered.
This is where our expertise really stands out. We understand the balance between security and operations, and we make it easy for businesses to meet their cybersecurity goals without unnecessary disruption. That’s why partnering with us is a smart choice for your certification needs.
Certification
Once we’ve completed our work on a client’s network and brought it up to our high standards, we bring in an independent third-party auditing body to assess the results. This step ensures that everything we’ve implemented meets the official certification requirements and reflects the highest level of cybersecurity best practices.
The external assessor conducts a thorough review, examining security from every angle to confirm there are no gaps or vulnerabilities left unaddressed.
In Colchester Machine Tool Solutions’ case, they passed the assessment with flying colours—achieving certification without any issues.
Although they’ve just secured their certification for the second consecutive year, we’re already planning ahead. We’re proactively reviewing potential changes in technology, evolving security requirements, and possible updates to the government’s Cyber Essentials scheme. This forward-thinking approach ensures they’ll remain compliant and protected well into the future.