Compliance & Certification

Got a deadline? We’ve been here before.

A letter from Severn Trent, the NHS, or a large contractor telling you to certify — or lose the contract. It’s more common than you’d think. We’re an IASME-accredited certification body. We’ve taken businesses from nothing to Cyber Essentials certified in 60 days. We know what we’re doing.

IASME accredited certification body · CE+ certified ourselves · ISO27001 in progress

What's included
Cyber Essentials & CE+
UK government-backed. Required by NHS, MOD, and Severn Trent supply chains. We’re an accredited certification body.
ISO27001
Information security management system. The international standard for serious information security governance.
ISO9001
Quality management system. Demonstrates consistent, documented business processes and continuous improvement.
Cyber Insurance Readiness
Prepare for insurer questionnaires and demonstrate the controls that reduce your premium and support your claim.
Supply Chain Compliance — Real Story
“Severn Trent told our client they had 90 days to get Cyber Essentials certified or lose the contract.”

A West Midlands business in the Severn Trent supply chain received a letter. Certify to Cyber Essentials or the contract is at risk. They had no existing certification, no security programme, and a 90-day deadline. They called ACUTEC.

We assessed their environment, identified the gaps, guided them through remediation — firewall configuration, patching, access controls, MFA rollout — and submitted their Cyber Essentials application in week eight. Certified ten days later. Thirty days ahead of the deadline. Contract retained in full.

This is not a one-off. Severn Trent, the NHS, the MOD, and most large public sector bodies are tightening supply chain security requirements. If you supply them — this conversation is coming.

What ACUTEC delivered
1. Day 1 — The letter arrives
Client receives Severn Trent supplier requirements. 90-day deadline. No existing certification. Calls ACUTEC.
2. Week 1 — Gap assessment
Full security gap analysis against Cyber Essentials requirements. Every gap identified and prioritised.
3. Weeks 2–7 — Remediation
Firewall configuration, patching schedules, access controls, MFA rollout. Every gap closed. Evidence gathered.
4. Week 8 — Application submitted
Cyber Essentials application submitted with full supporting evidence. Certified within ten days.
Certified in 60 days. Contract secured.
30 days ahead of the Severn Trent deadline · £0 revenue lost
The standards

What each certification actually means.

Plain English. No framework jargon. What the standard is, who needs it, and what it proves.

CE — CYBER ESSENTIALS
The baseline. Required by most supply chains.
A UK government-backed certification covering five core security controls: firewalls, secure configuration, user access control, malware protection, and patch management. Required by the NHS, MOD, Severn Trent, and most major public sector contractors. We are an IASME-accredited body — meaning we certify other businesses, not just advise them.
CE+ — CYBER ESSENTIALS PLUS
Independently verified. A stronger proof point.
CE+ adds independent technical verification to the self-assessed Cyber Essentials. A qualified assessor tests your controls rather than taking your word for it. ACUTEC holds CE+ ourselves — we went through the same independently-verified process we put our clients through. We know where it catches people out.
ISO27001 — INFORMATION SECURITY
The international standard. Serious governance.
ISO27001 is the internationally recognised standard for information security management systems. It requires a documented, audited, and continually improved approach to managing information security risk. It is a significant undertaking — typically 12–18 months — but the result is a security programme that stands up to any scrutiny. ACUTEC is pursuing ISO27001 internally. We are one of very few MSPs in the region doing so.
ISO9001 — QUALITY MANAGEMENT
Documented processes. Consistent delivery.
ISO9001 is the quality management standard — it proves your business has consistent, documented processes and a commitment to continuous improvement. Often required alongside security certification for public sector and NHS supply chains. Can be pursued simultaneously with ISO27001 to share the audit burden.
60
Days to Cyber Essentials
Our fastest Severn Trent supply chain certification. Against a 90-day deadline. From nothing to certified.
IASME
Accredited certification body
We don’t just help clients get certified — we assess and certify them directly. Stage 1 complete. Stage 2 audit underway. Target: September 2026.
CE+
We hold it ourselves
ACUTEC is Cyber Essentials Plus certified internally. Independently verified. We practise what we sell.
Compliance pathways

Start where you need to. Build from there.

Most businesses start with Cyber Essentials because of a deadline. The smart ones use it as the foundation for a broader programme.

Entry point
Cyber Essentials
From £300 certification fee + our time

The foundation. Required by most public sector supply chains. Self-assessed with independent verification of your answers. We guide you through the questionnaire, close the gaps, and submit on your behalf.

  • Gap analysis against CE requirements
  • Remediation support and guidance
  • Questionnaire completion support
  • Submission and follow-up
  • Certificate and trust mark
Full programme
ISO27001
Scoped 12–18 month programme

The full information security management system. Documented risk assessment, policy suite, treatment plan, internal audit, and external certification audit. We guide you through every stage — and we’re doing it ourselves, so we know exactly where the work is.

  • Gap analysis against ISO27001:2022
  • Risk assessment and treatment plan
  • Full policy suite — written and owned
  • Internal audit programme
  • External certification audit preparation
  • Can be combined with vCISO retainer
The process

Cyber Essentials. Step by step.

For businesses with a supply chain deadline, this is the process that gets you certified in time.

1. Gap assessment
We review your current environment against the five CE control categories. Every gap documented, prioritised, and explained in plain language. You know exactly what needs to change before any work begins.
2. Scoped proposal
We fix what needs fixing. Firewall rules, patch management, MFA rollout, access control review. Our infrastructure team does the technical work — you don’t need to manage it.
3. Application & evidence
We complete the Cyber Essentials questionnaire with you and compile the supporting evidence. As an IASME-accredited body, we know exactly what the assessor needs to see.
4. Certified
Certificate issued. Trust mark available. Supply chain deadline met. For CE+ clients, the technical testing phase happens here — and because we’ve closed all the gaps first, you pass.
Make the switch

Tell us when it is. We’ll tell you if it’s achievable.

We’ve certified businesses against tight supply chain deadlines before. Give us the date, the standard, and five minutes on the phone. We’ll tell you honestly whether we can get you there — and what it will take.

St Peters House · Church Hill · Coleshill · Birmingham · B46 3AL · hello@acutec.co.uk