Cyber Essentials Plus Case Study
Winning larger contracts often means proving your cybersecurity is more than a policy on paper. Our case study follows a Nottingham manufacturing business that needed Cyber Essentials Plus certification to secure a major supply chain contract, but had no internal security team to get them there.
We will explore the technical gaps that stood in their way, how Cloudworks guided them through remediation and the independent vulnerability testing, and the business results that followed certification.
The names of the business and people have been changed but this was a real engagement - we are able to have a call with this client if you would like a reference before any potential Cyber Essentials Plus work.

Overview
Organisation
Harlow Fabrications, a Nottingham-based precision manufacturer supplying components into the automotive and defence supply chains.
Challenge
A prospective tier-one contract required Harlow Fabrications to hold Cyber Essentials Plus certification within ninety days. The business had already passed the self-assessed Cyber Essentials scheme the previous year, but had no in-house security expertise to prepare for the hands-on technical verification that Plus certification demands. Shared local admin accounts, inconsistent patching across a mix of office and shop-floor devices, and unrestricted USB access on several machines all stood in the way.
Solution
Cloudworks was engaged to run a pre-certification readiness review against all five Cyber Essentials control themes, remediate every gap found, and then support the business through the external assessor's on-site vulnerability testing and internal scan.
The engagement covered firewall and boundary configuration, secure device builds, access control, malware protection, and patch management, with particular attention paid to the areas that Plus assessors test most rigorously: authenticated vulnerability scans and multi-factor authentication coverage.
Objective
The primary objectives were to:
- Achieve Cyber Essentials Plus certification within the client's deadline.
- Close technical gaps without disrupting shop-floor production systems.
- Reduce exposure to phishing, malware and unpatched vulnerabilities.
- Put in place ongoing monitoring so certification could be renewed each year with minimal disruption.

Certification Process
Step 1: Readiness Assessment
Cloudworks began with a full audit of Harlow Fabrications' IT estate against the five Cyber Essentials control themes: firewalls, secure configuration, access control, malware protection and patch management. This surfaced the shared local admin accounts, missing MFA on cloud email, and a handful of shop-floor PCs still running unsupported software.
Step 2: Remediation
Working around production shifts, we replaced shared local admin accounts with individually audited accounts, enforced multi-factor authentication across all cloud services, rolled out a consistent patch management schedule, and restricted USB storage access on machines that didn't need it.
Step 3: Mock Assessment
Before booking the official assessment, we ran an internal mock vulnerability scan against the same tooling the certifying body uses, catching two remaining misconfigurations on the guest Wi-Fi network before they could cause a failed assessment.
Step 4: Certification Assessment
Cloudworks supported Harlow Fabrications' team throughout the assessor's external vulnerability scan and on-site technical verification, providing evidence of the controls in place and resolving one minor finding on the day.
Step 5: Ongoing Monitoring
With certification granted, Cloudworks put in place scheduled patch compliance checks and an annual pre-renewal review, so the business can maintain certification year after year without another scramble against the clock.
Results
Achieving Cyber Essentials Plus delivered tangible business outcomes for Harlow Fabrications:
- 1. Contract Secured
- Certification landed two weeks ahead of the client's deadline, securing the tier-one supply chain contract.
- 2. Reduced Attack Surface
- Removing shared admin accounts and enforcing MFA closed off the two most common routes attackers use to compromise SME networks.
- 3. Lower Cyber Insurance Premium
- Harlow Fabrications' insurer recognised the certification, reducing their cyber insurance premium at renewal.
- 4. Zero Production Downtime
- Remediation work was scheduled around production shifts, so shop-floor systems were never taken offline during the engagement.
- 5. Repeatable Renewal
- Ongoing patch monitoring means next year's recertification will be a routine check rather than a ninety-day scramble.
Testimonial
"We didn't know where to start with Plus certification and had a hard deadline hanging over us. Cloudworks took it off our plate completely and we passed first time."
– Sarah Whitfield, Operations Director, Harlow Fabrications
Why Choose Cloudworks for Cyber Essentials Plus?
Cyber Essentials Plus certification is only as good as the preparation behind it. Our team knows exactly what assessors look for, because we've supported businesses through the process time and again, and we fix the gaps rather than just documenting them.
If you're facing a certification deadline or simply want to strengthen your defences against the most common cyber attacks, contact our team today for a no-obligation readiness review.












