Case Study

Locking It Down: How a Growing Architecture Firm Took Control of Access and Secured Certification Readiness

Published :  

Aug 6, 2025

About the Business

Our client is a design-led architectural practice with around 35 employees. Having grown rapidly over the past few years, many of their internal systems and processes had not kept pace with the size and complexity of the team. As they prepared to apply for Cyber Essentials certification, the business recognised the need to modernise how access to devices and systems was being managed.

Industry: Architecture
Organisation Size: 35 Users
Service Areas: Identity and Access Management, Cyber Essentials Preparation, Account Governance

Challenge

Access to company systems had historically been managed informally. Most users logged in using local accounts, and old user profiles often remained active long after staff had left. There was no central record of who had access to what, and managers were able to grant access without oversight or follow-up.

As the company scaled and prepared for formal certification, it became clear that the existing approach to access control was no longer fit for purpose.

Solution
  • Carried out a full audit of all user accounts and company devices
  • Identified and disabled aged or unauthorised accounts for a 2-month review period
  • Transitioned all users from local logins to centrally managed accounts using directory services
  • Created security groups based on role and responsibility for controlled access to files and systems
  • Embedded the new identity process into onboarding and offboarding procedures to ensure long-term consistency and visibility
Outcome

The business now operates with a clear and structured approach to access management. All users authenticate against a central directory, and permissions are granted based on role-specific security groups rather than individual manager discretion.

Departing staff have their accounts disabled immediately and removed automatically if unused, while new joiners receive access based on a standardised onboarding process. This has given leadership confidence that access is properly governed and has strengthened the business's position for both certification and future project bids.

Services Taken:
Identity and Access Management, Cyber Essentials

Write to us,
we will get back to you soon

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.