Cyber Essentials Plus Case Study

Winning larger contracts often means proving your cybersecurity is more than a policy on paper. Our case study follows a Nottingham manufacturing business that needed Cyber Essentials Plus certification to secure a major supply chain contract, but had no internal security team to get them there.

We will explore the technical gaps that stood in their way, how Cloudworks guided them through remediation and the independent vulnerability testing, and the business results that followed certification.

The names of the business and people have been changed but this was a real engagement - we are able to have a call with this client if you would like a reference before any potential Cyber Essentials Plus work.

Cyber Essentials Plus Case Study

Overview

Organisation

Harlow Fabrications, a Nottingham-based precision manufacturer supplying components into the automotive and defence supply chains.

Challenge

A prospective tier-one contract required Harlow Fabrications to hold Cyber Essentials Plus certification within ninety days. The business had already passed the self-assessed Cyber Essentials scheme the previous year, but had no in-house security expertise to prepare for the hands-on technical verification that Plus certification demands. Shared local admin accounts, inconsistent patching across a mix of office and shop-floor devices, and unrestricted USB access on several machines all stood in the way.

Solution

Cloudworks was engaged to run a pre-certification readiness review against all five Cyber Essentials control themes, remediate every gap found, and then support the business through the external assessor's on-site vulnerability testing and internal scan.

The engagement covered firewall and boundary configuration, secure device builds, access control, malware protection, and patch management, with particular attention paid to the areas that Plus assessors test most rigorously: authenticated vulnerability scans and multi-factor authentication coverage.

Objective

The primary objectives were to:

  • Achieve Cyber Essentials Plus certification within the client's deadline.
  • Close technical gaps without disrupting shop-floor production systems.
  • Reduce exposure to phishing, malware and unpatched vulnerabilities.
  • Put in place ongoing monitoring so certification could be renewed each year with minimal disruption.
Cyber Essentials Plus Certification Badge

Certification Process

Step 1: Readiness Assessment

Cloudworks began with a full audit of Harlow Fabrications' IT estate against the five Cyber Essentials control themes: firewalls, secure configuration, access control, malware protection and patch management. This surfaced the shared local admin accounts, missing MFA on cloud email, and a handful of shop-floor PCs still running unsupported software.

Step 2: Remediation

Working around production shifts, we replaced shared local admin accounts with individually audited accounts, enforced multi-factor authentication across all cloud services, rolled out a consistent patch management schedule, and restricted USB storage access on machines that didn't need it.

Step 3: Mock Assessment

Before booking the official assessment, we ran an internal mock vulnerability scan against the same tooling the certifying body uses, catching two remaining misconfigurations on the guest Wi-Fi network before they could cause a failed assessment.

Step 4: Certification Assessment

Cloudworks supported Harlow Fabrications' team throughout the assessor's external vulnerability scan and on-site technical verification, providing evidence of the controls in place and resolving one minor finding on the day.

Step 5: Ongoing Monitoring

With certification granted, Cloudworks put in place scheduled patch compliance checks and an annual pre-renewal review, so the business can maintain certification year after year without another scramble against the clock.

Results

Achieving Cyber Essentials Plus delivered tangible business outcomes for Harlow Fabrications:

1. Contract Secured
Certification landed two weeks ahead of the client's deadline, securing the tier-one supply chain contract.
2. Reduced Attack Surface
Removing shared admin accounts and enforcing MFA closed off the two most common routes attackers use to compromise SME networks.
3. Lower Cyber Insurance Premium
Harlow Fabrications' insurer recognised the certification, reducing their cyber insurance premium at renewal.
4. Zero Production Downtime
Remediation work was scheduled around production shifts, so shop-floor systems were never taken offline during the engagement.
5. Repeatable Renewal
Ongoing patch monitoring means next year's recertification will be a routine check rather than a ninety-day scramble.

Testimonial

"We didn't know where to start with Plus certification and had a hard deadline hanging over us. Cloudworks took it off our plate completely and we passed first time."

– Sarah Whitfield, Operations Director, Harlow Fabrications

Why Choose Cloudworks for Cyber Essentials Plus?

Cyber Essentials Plus certification is only as good as the preparation behind it. Our team knows exactly what assessors look for, because we've supported businesses through the process time and again, and we fix the gaps rather than just documenting them.

If you're facing a certification deadline or simply want to strengthen your defences against the most common cyber attacks, contact our team today for a no-obligation readiness review.

Trusting by leading brands, including:

Request a no obligation callback