Case Studies
At Formentor, we pride ourselves on helping businesses navigate the complexities of Data Protection, Cyber Security, and ISO Certification. Our tailored solutions are designed to meet the unique needs of each client, ensuring sustainable growth and compliance excellence.
Through our case studies, we showcase real-world examples of how we’ve supported clients in achieving their goals, overcoming challenges, and building stronger, more resilient organisations. From securing ISO certifications to managing GDPR compliance and supporting clients through the Cyber Essentials process, these stories highlight the measurable impact of our services.
Case Study List
Browse our featured case studies below to see how we’ve partnered with businesses across different industries to achieve outstanding results.
“Securing the Cyber Essentials and Cyber Essentials Plus certifications under such tight deadlines was a formidable challenge. Formentor’s guidance and support ensured a smooth journey to successful certification in a timely manner.”
Leigh-Anne Swire-Thompson, Head of Operations, Acclaro Advisory
Objectives
The primary objective for Acclaro Advisory was to achieve Cyber Essentials certification, followed by the more rigorous Cyber Essentials Plus certification within a three-month period. This initiative was crucial to comply with a government directive and to ensure Acclaro Advisory was protected against potential cyber-attacks, thus maintaining continuity of service.
ChallengesAcclaro Advisory faced several challenges in pursuing the Cyber Essentials and Cyber Essentials Plus certifications. The firm’s limited in-house technical knowledge was a significant barrier, making it difficult to thoroughly identify and effectively address gaps in their cyber security measures.
Additionally, the stringent timeline to achieve both certifications within a three-month window demanded rapid and effective action, complicating the enhancement of their security protocols. This swift timeline was compounded by the necessity to align all team members with the upgraded security practices and to ensure comprehensive understanding and implementation of the new protocols across the organisation. These factors collectively intensified the complexity of the certification process, requiring diligent management and coordination.
Why Cyber Essentials Plus
Cyber Essentials certification was pursued not only to meet a government requirement but also to bolster the overall cyber security framework of Acclaro Advisory. Achieving this certification was essential to demonstrate their capability in managing cyber security risks effectively to their clients.
Selection
Formentor was selected to support Acclaro Advisory’s certification goals due to pre-existing relationships with the business and the outsourced IT provider. These relationships, along with their experience with Cyber Essentials Plus, facilitated a smoother initiation and progression through the certification processes.
ApproachThe approach to achieving certification involved several key steps. Acclaro Advisory conducted thorough research to understand the requirements and framework of Cyber Essentials and Cyber Essentials Plus certifications.
A detailed assessment of the existing cyber security provisions was conducted against the Cyber Essentials checklist to identify gaps. Formentor was engaged for their expertise in guiding through this process. Acclaro Advisory addressed the identified gaps followed by a systematic audit process, which ensured compliance with the certification standards.
Benefits
Enhanced Security Awareness – There was a marked improvement in the team’s understanding of cyber security risks and compliance.
Standardised Security Practices – The certification process helped standardise the use of software applications and policies across the company.
Improved Client Confidence – Achieving these certifications reinforced client confidence in their commitment to robust cybersecurity measures.
Staff Training – Team members were given specialist training on cyber security through Formentor’s online portal, isowise.
“Our mission is to be the most professional specialist passive fire protection consultants in the UK. ISO 9001 Certification was a core part of our growth plans. Formentor helped us build a fantastic QMS which the auditor was very impressed with.”
Nic Bohanna, Key Client Manager, Adaston
Objectives
Established in Harrogate in 2016, Adaston expanded their operations to include comprehensive services including surveys, consultancy, installation and remediation of passive fire protection. Their growth required additional focus on quality control to guarantee exceptional levels of service to clients, resulting in a desire to achieve ISO 9001 certification.
ChallengesDespite Adaston’s quality outputs, their operational procedures primarily relied on practices established through experience. This reliance became a bottleneck as the company grew, complicating the onboarding of new staff due to the absence of clearly documented processes and procedures. This situation highlighted a significant challenge in maintaining operational efficiency and quality consistency as the business scaled.
Furthermore, as Adaston sought to expand its business and compete for more substantial contracts, they encountered an increasing number of tenders that required a certified Quality Management System (QMS) to be in place.
Why ISO 9001
The decision to pursue ISO 9001 certification stemmed from the need to formalise and document Adaston’s practices and procedures, thus providing clear, immediate guidance to new employees. The certification was seen as a pathway to reinforcing the company’s commitment to quality and excellence, aligning with its mission to lead in the PFP sector.
Selection
Adaston sought a partner that could not only understand their existing processes but also enhance them with a comprehensive, documented QMS. Formentor was chosen for its ability to guide Adaston through the entire certification process, from the initial development of the QMS, training users, conducting internal audits and driving continual improvement practices.
ApproachFormentor tailored its approach to Adaston’s needs, focusing on swiftly developing a documented QMS to facilitate continuous improvement. A significant challenge was the tight deadline imposed by a crucial tender requiring ISO 9001 certification. Formentor efficiently expedited the process, ensuring Adaston met the tender’s requirements without compromising the quality or integrity of the QMS. This ability to work within stringent timeframes highlighted their commitment to supporting Adaston’s business goals.
Benefits
ISO Certification – ISO 9001 certification was achieved in 2021 with no non-conformances. All surveillance audits have been passed.
Customer Satisfaction – A 95% customer satisfaction score was achieved during an anonymous survey in 2023.
Mapped Processes – All processes were fully mapped enabling existing and new staff to be trained quickly and efficiently.
Staff Training – Team members were given specialist training on quality management through Formentor’s online portal, isowise.
“ISO has been an intense but rewarding journey for the Epro team. Having Formentor at our side throughout the process has been invaluable as we have understood the requirements and updated our operational procedures to ensure 100% compliance. The Formentor model and approach to the project was impressive and we have huge respect and appreciation for the Formentor team as our partner on this journey.”
Jonathan Elliott, Managing Director, Epro
Objectives
Epro set out to achieve ISO 9001 and ISO 27001 certification to support continued growth, meet evolving customer and tender requirements, and formalise how quality and information security were managed across the business. A key objective was to embed management systems that genuinely supported day-to-day operations rather than introducing unnecessary bureaucracy. Success was defined as achieving certification first time, with minimal disruption to business activities, strong staff engagement and systems that would scale with the organisation.
Challenges
Prior to the project, Epro processes existed but were largely informal and inconsistently documented. Whilst quality had always been a cornerstone of the Epro business, both quality and information security were managed on a best-efforts basis, with practices varying between teams and relying heavily on individual knowledge.
As this was Epro’s first experience of ISO certification, there were understandable concerns around complexity, administrative overhead, and the risk of failing the audits. Particular challenges included translating ISO requirements into practical processes, formalising existing knowledge into usable documentation, and meeting the more demanding elements of ISO 27001 such as risk assessments, the Statement of Applicability and internal audit requirements.
Why ISO 9001 & 27001
Certification was driven primarily by tender requirements, where ISO 9001 and ISO 27001 were either mandatory or strongly preferred. Operating in a highly regulated sector and working closely with the NHS, Epro recognised that Cyber Essentials Plus alone was no longer sufficient to demonstrate robust governance and information security. ISO 9001 provided a framework for consistent service delivery and continuous improvement, while ISO 27001 enabled a more structured and credible approach to managing information security risk.
Selection
Formentor was selected as the delivery partner due to its pragmatic and approachable interpretation of the standards. Epro valued the ability to ask questions freely and receive clear, practical guidance rather than generic compliance advice. The availability of well-structured templates, combined with an understanding of how to apply ISO requirements proportionately, gave confidence that the systems would be fit for purpose.
Approach
The project was delivered at a realistic pace, with clear milestones and regular check-ins to maintain momentum. The focus was on integrating ISO requirements into existing workflows, prioritising high-risk and high-value areas first. Practical tools such as policy and procedure templates, risk assessment frameworks, and audit preparation checklists supported efficient implementation and built internal confidence. Compliance requirements were balanced carefully against operational demands to ensure business continuity throughout the project.
Benefits
- Improved consistency in service delivery, with clearer roles, responsibilities and accountability
- Stronger understanding and management of information security risks, supported by structured controls
- Increased customer confidence, supporting tender submissions, new business opportunities and customer retention
- Enhanced governance, risk awareness, onboarding and decision-making across the organisation
“We have been thoroughly impressed with the DPO service provided to us over the last few years. The level of competence and expertise demonstrated throughout our engagement has been exceptional. Their insights and guidance have significantly enhanced our understanding and implementation of data protection measures, ensuring compliance and safeguarding our organisation’s data integrity.”
Mark Long, Chief Technology Officer, Inuvi
Objectives
Inuvi are a UK-based organisation providing medical assessments across the UK, alongside diagnostic services delivered through an in-house laboratory. They required data protection support from an early stage in its development, recognising the importance of establishing appropriate governance as the business scaled. Key objectives included ensuring compliance with UK GDPR, embedding data protection into day-to-day operations, and building internal confidence when handling sensitive health data.
They also wanted access to independent, experienced advice to support decision making as services expanded and processing activities became more complex.
Challenges
As a recently formed and fast-growing organisation, Inuvu did not have in-house data protection expertise. The nature of its services meant it was processing large volumes of special category data, increasing both regulatory expectations and risk.
A recurring challenge was clearly defining and maintaining the organisation’s role as a data processor when working with clients acting as data controllers. This required careful consideration of contractual arrangements, responsibilities, and practical application of UK GDPR requirements, often involving detailed discussions to ensure roles and obligations were clearly understood by all parties.
Why an Outsourced DPO
Outsourcing the DPO role provided Inuvi with independent oversight and specialist expertise without the need to appoint a full-time resource. This approach offered flexibility as the business evolved and ensured access to practical, business-focused guidance rather than purely theoretical or legal interpretation.
The outsourced model also allowed them to draw on broader experience gained from working across regulated environments and similar data protection challenges.
Selection
Formentor were selected as the DPO partner due to an existing professional relationship and local presence, which helped establish trust early in the engagement. Our flexible approach allowed the service to be tailored to the needs of a growing organisation, while our DPO certification and experience provided assurance that regulatory expectations would be met.
Approach
Formentor provided outsourced DPO support from 2018, covering two distinct areas of the business: the medical assessment services and the diagnostic laboratory operation.
Our focus was on putting strong data protection foundations in place early, including governance arrangements, advice on processing activities, and ongoing guidance on regulatory obligations. Support was delivered on a long-term basis, acting as a trusted adviser and sounding board for data protection decisions across both parts of the organisation.
Where incidents or issues arose, these were handled calmly and proportionately, with a focus on managing risk, meeting regulatory requirements, and supporting the business through each situation in a measured and practical way.
Benefits
- Improved organisational understanding of data protection obligations
- Greater clarity and confidence around data controller and data processor responsibilities
- More consistent handling of special category health data
- Increased assurance around compliance as the business scaled and services evolved
“Gaining CE+ was an important way for us to demonstrate our security practices were at the level they needed to be. Formentor’s support through this process was vital in helping us complete our submission and gain both certifications.”
James Rodley, Operations Director, ITQ Metis
Objectives
ITQ Metis offers a suite of secure, reliable online tools to support the admissions challenges of independent schools. Their solutions help to improve the recruitment pipeline while providing greater security and productivity for every independent school. The main goal of ITQ Metis was to achieve CE and CE+ certifications as efficiently as possible while adhering to best practices.
Challenges
A significant challenge was implementing the necessary changes while managing everyday work tasks. With a small team, ITQ Metis needed to utilise the full allowable time for certification. It was crucial to maintain high levels of focus, even during busy operational periods. This commitment ensured that all necessary standards were met.
Why Cyber Essentials Plus
ITQ Metis chose to pursue CE and CE+ certifications to elevate their security standards and demonstrate their commitment to safeguarding sensitive information. They aim to set a benchmark for security practices within the education sector, reassuring their customers that their data is handled with the utmost care and adhering to the highest standards.
Selection
Formentor already provided a virtual Data Protection Officer (DPO) service to ITQ Metis, ensuring their data protection practices were compliant and robust. Given this existing relationship and trust, it was a natural fit for the business to choose Formentor to support their Cyber Essentials project. Their in-depth understanding of their systems and security needs, as well as their experience with CE projects, positioned them ideally to assist.
Approach
To help ITQ Metis achieve the certifications, Formentor supported them throughout the entire process. This included working through CE responses and policies, acting as a sounding board for new ideas, implementing a timeline, and helping to keep the project on track.
Benefits
Greater Confidence – ITQ Metis has gained greater confidence in their internal systems and policies. The certifications have encouraged the organisation to review system security and best practices continually. The CE+ badge now gives clients added comfort in the security measures they employ.
Better Internal Understanding – Employees at ITQ Metis have a better understanding of the policies and actions required during their everyday use of systems and applications. The certification process also improved their practices relating to the security of the applications provided to their customers.
Further Ambitions – ITQ Metis were eager to build on their CE and CE+ certifications, with ISO 27001 Information Security Management firmly on their radar. Formentor have already set the wheels in motion to support them through this process.
“Attaining ISO 27001 certification with Formentor’s support was a pivotal milestone for Orbital Global. It has not only enhanced our security
measures but also significantly bolstered our credibility in the industry.””William Odom, Co-Founder, Orbital Global
Objectives
Orbital Global, a legal tech consulting firm specialising in eDiscovery, digital forensics, and cybersecurity, aimed to formalise their information security management system (ISMS), refine their processes, and enhance overall risk management.
The primary goal was to secure ISO 27001 certification to ensure their practices met industry standards and strategically manage information security risks.
ChallengesBefore embarking on their ISO 27001 certification journey, Orbital Global faced several significant challenges that underscored the need for a formalised approach.
A critical market requirement was that some potential clients insisted that their partners possess recognised certifications, which Orbital Global lacked. Despite operating according to industry best practices, these were informally implemented without a structured management system, posing a substantial barrier to formal certification.
Additionally, the absence of internal ISO lead implementers meant that Orbital Global had to seek external expertise to effectively navigate the certification process. These factors collectively necessitated a strategic overhaul to meet the rigorous standards of ISO 27001 and achieve a competitive edge in their field.
Why ISO 27001 ISMS
ISO 27001 certification was pursued to accredit Orbital Global’s best practices and to achieve industry-best standards, reinforcing the firm’s commitment to rigorous information security risk management. This certification was crucial for enhancing client confidence and meeting market demands.
Selection
Orbital Global chose Formentor for their renowned expertise in guiding organisations through the ISO 27001 Information Security certification process. Formentor was selected based on their proven track record, the expertise of their consultants, and their structured approach to tackling the complexities of ISO certification.
ApproachFormentor provided comprehensive support throughout the certification journey, from the initial gap analysis to the successful achievement of certification.
Their responsiveness and deep knowledge were pivotal in navigating the complexities of the certification process. Key policy enhancements and the formalisation of the ISMS were implemented to ensure compliance and elevate security awareness across the firm. This structured support helped Orbital Global effectively integrate new security measures and policies.
Benefits
Operational Efficiency – Streamlined internal processes have increased operational efficiency and productivity across the organisation.
Risk Management – Established risk management processes allowed Orbital Global to proactively identify, assess, and mitigate information security risks more effectively.
Market Positioning – Their enhanced reputation in the legal tech industry has opened doors to new business opportunities.
Firm Foundation – Implementing and maintaining their ISMS has laid a firm foundation for continuous improvement and compliance.
“Being able to demonstrate our commitment to both Quality and Information Security is a testament to Protas’ culture and preparedness. With Formentor’s support, we have passed a multitude of external ISO audits, all with flying colours.”
Scott Wilson, Head of Information Security, Protas
Objectives
Protas is a not-for-profit organisation dedicated to “Smarter trials for better health,” focusing on reducing barriers in the development of treatments for common diseases. The organisation emphasises smart trial design and delivery, effective use of data and technology, and collaborative policy development. With a commitment to maintaining high standards of quality and information security, Protas sought ISO 9001 and ISO 27001 certifications to professionalise and accredit their operations.
Challenges
As a start-up, Protas faced the dual challenge of implementing ISO 9001 and ISO 27001 standards within a tight timeline of 8-10 months. The main hurdle was integrating these systems to function cohesively without overlap, ensuring that the certifications did not impede their mission. Avoiding duplication of effort whilst implementing two standards at the same time was a high priority across the quality assurance and information security teams.
Why ISO 9001 & 27001
Protas pursued ISO 9001 and ISO 27001 certifications to reinforce trust and operational integrity within the highly regulated clinical trials industry. These certifications demonstrate Protas’ commitment to high standards in quality management and information security, crucial for maintaining stakeholder trust and enhancing operational excellence. Through these certifications, Protas not only boosts its operational capabilities but also solidifies its standing as a trusted entity in its field.
Selection
Formentor was selected after thorough research and comparison of various service providers. Formentor’s capability to offer guidance on both ISO 9001 and ISO 27001 made them a preferred choice, aligning with Protas’ need for integrated management system expertise. In addition to this, Formentor’s provision of an online training platform for all users enhanced Protas’ readiness for certification.
ApproachFormentor provided tailored services which helped integrate the ISO 9001 and ISO 27001 into a cohesive management system. Their expertise allowed Protas to avoid common pitfalls and ensured the organisation was on track for certification in the requirement timeframe. Assigning a consultant experienced across both standards helped build the integrated management system. Their role was pivotal in maintaining the project’s momentum and addressing any concerns during the implementation phase.
Benefits
ISO Certification – ISO 9001 and 27001 certifications were achieved in 2023. All surveillance audits have since been passed.
Third-Party Audits – Working in clinical trials, ISO 9001 and 27001 certifications have streamlined the process of third-party audits.
Commitment Demonstration – Demonstrating a commitment to both information security and quality demonstrates Protas’ culture and preparedness.
Staff Training – Team members were given specialist ISMS and QMS training through Formentor’s online portal, isowise.
Challenges
Approach
Challenges
Approach
Your Success Story Starts Here
Looking for a trusted partner to guide your compliance journey? Contact us today to find out how Formentor can help your business achieve compliance excellence.