Skip to content
360 Cyber Compliance

Case studies

Realistic examples of the compliance challenges we help solve and how a typical engagement runs.

Example engagements — illustrative, not named clients

Example engagement Residential care home (~35 beds)

Helping a small care home reach Standards Met before the DSPT deadline

A residential home relied on NHSmail for GP and pharmacy correspondence but had never completed the toolkit, and its NHS data flows were at risk with the 30 June deadline approaching.

The home reached a Standards Met submission ahead of the 30 June deadline and kept its NHSmail access uninterrupted.

Read the example →
Example engagement GP practice (~9,000 patients)

A GP practice catching up on a lapsed DSPT submission

A busy general practice had let its toolkit slip after a change of practice manager, leaving a lapsed status while it depended on GP Connect and the Electronic Prescription Service every day.

The practice restored a current Standards Met status and protected its ongoing access to national NHS systems.

Read the example →
Example engagement Domiciliary care provider (~120 care workers)

DSPT for a domiciliary care provider with a mobile workforce

A home care agency whose staff worked from personal and shared mobile devices in the community struggled to show it controlled access to service-user data across a dispersed team.

The provider achieved a Standards Met submission with access controls that genuinely reflected how its mobile team works.

Read the example →
Example engagement Community pharmacy (two branches)

A community pharmacy tackling the DSPT and Cyber Essentials together

A two-branch pharmacy needed a current DSPT for its NHS system access and wanted to strengthen its technical security, but was doing the two pieces of work separately and duplicating effort.

The pharmacy reached Standards Met and achieved Cyber Essentials from a single, coordinated body of work rather than two separate projects.

Read the example →
Example engagement UK SaaS provider (~50 staff)

Guiding a SaaS provider to first-time ISO 27001 certification

A growing software company kept losing enterprise deals at the security-review stage because it could not show a recognised information security certification, and needed ISO 27001 to unlock larger contracts.

The provider passed its Stage 2 audit and gained a certification it could put in front of enterprise buyers during procurement.

Read the example →
Example engagement Professional services SME (~30 staff)

A first ISO 27001 certification for a growing SME

A professional services firm was being asked for ISO 27001 by prospective clients but feared the standard was designed for large corporations and would overwhelm a team of its size.

The SME achieved certification with a management system sized for its business, not a copy-paste corporate framework.

Read the example →
Example engagement GP practice (~7,500 patients)

Cyber Essentials for a GP practice strengthening its DSPT

A GP practice wanted to firm up the technical side of its DSPT and reassure patients and commissioners, and chose Cyber Essentials as a recognised, proportionate way to prove its basic controls were in place.

The practice achieved Cyber Essentials and used the verified controls to reinforce several DSPT technical assertions.

Read the example →
Example engagement IT services SME (~40 staff)

Meeting a customer's Cyber Essentials Plus requirement

An SME supplier was told by a major customer that its contract renewal depended on holding Cyber Essentials Plus, which adds an independent hands-on audit on top of the self-assessment.

The supplier passed the independent Cyber Essentials Plus audit and retained the contract that depended on it.

Read the example →
Example engagement Private dental practice (three chairs)

Helping a dental practice complete its PCI DSS self-assessment

A private dental practice taking card payments for treatment plans was unsure which PCI DSS self-assessment questionnaire applied and worried its card handling left it exposed.

The practice completed the correct SAQ under PCI DSS v4.0.1 and reduced how much card data it handled directly.

Read the example →
Example engagement Care home group (four homes)

A UK GDPR data protection audit for a care home group

A small care home group knew it held sensitive resident data but had never audited its practices, and was uneasy about whether it could handle a subject access request or a breach correctly.

The group gained a clear view of its data, a defensible set of records, and staff who knew how to respond to requests and breaches.

Read the example →
Example engagement National charity (~60 staff and volunteers)

An outsourced DPO for a charity handling sensitive beneficiary data

A charity supporting vulnerable beneficiaries handled sensitive personal data and needed dedicated data protection oversight, but could not justify a full-time DPO on its budget.

The charity gained ongoing, independent data protection oversight proportionate to its size and its duty to vulnerable people.

Read the example →
Example engagement Manufacturing SME (~45 staff)

IASME Cyber Assurance for an SME proving itself in the supply chain

A manufacturing SME needed to show larger buyers a broader assurance of good security than Cyber Essentials alone, but ISO 27001 felt too heavy for where the business was.

The SME achieved IASME Cyber Assurance, giving buyers broader assurance than Cyber Essentials without the weight of full ISO 27001.

Read the example →

Facing a similar challenge?

Tell us where you are and we’ll come back within one working day with clear, no-obligation next steps.

  • Plain-English, jargon-free advice
  • Fixed-price quotes — no surprises
  • Delivered remotely across the UK

By submitting you agree to our privacy policy. We never share your details.