terra firma strengthened its IT environment for government tendering

• Customer: The terra firma Consultancy Ltd
• Sector: Environmental consultancy entering MOD and government tendering
• Challenge: Needed stronger controls, clearer documentation, and a more defensible security posture
• What CYAN did: Strengthened security, supported Cyber Essentials Plus, and helped the business prepare for higher scrutiny
• Outcome: Greater readiness, clearer control, and more confidence in tendering for government work

The terra firma Consultancy Ltd had the opportunity to pursue MOD and wider government contracts.

But moving into that space meant more than winning work. It meant being able to show that the business had the right systems, controls, and documentation in place to stand up to a higher level of scrutiny.

Their existing setup was workable for day-to-day operations, but it had not been built for the demands of government tendering. CYAN was brought in to help strengthen the environment, clarify what was required, and put a more structured foundation in place.

The Challenge

The terra firma Consultancy’s existing setup lacked the robust controls, documentation, and resilience required for IT compliance in government contracts, putting the business at risk of missing future MOD opportunities.

To even be considered for MOD tenders, terra firma needed to:

• Achieve Cyber Essentials Plus certification
• Strengthen their overall IT security posture
• Demonstrate compliance during tender evaluations
• Understand and respond effectively to complex MOD security requirements

For a consultancy without a dedicated IT department, the process would have felt overwhelming. The MOD’s language and requirements were unfamiliar, and getting them wrong wasn’t an option.

The stakes were high. Without the right IT support for MOD contracts, sensitive government work would remain out of reach and their growth ambitions could stall.

CYAN were critical in helping us understand the terminology and processes which were beyond our expertise. So it was really helpful to have your guys lead us through that.

Why CYAN

terra firma were not looking for noise, over-complication, or a provider focused on products first.

They needed a team that could understand the level of scrutiny involved, translate unfamiliar requirements into practical next steps, and help the business build confidence in the way its environment was managed.

CYAN was chosen because our approach matched that need. We started by understanding where the main risks and gaps were, then worked with terra firma to strengthen the essentials, improve clarity, and support the business through a process that would otherwise have been difficult to navigate alone.

It gave us confidence to know CYAN were there to give us the support we needed, bring the right expertise, and help us understand some of the terminology we were dealing with.

How CYAN supported terra firma

Phase 1: Review the environment and clarify the gaps

The first priority was to understand what would need to change for terra firma to be ready for a higher level of scrutiny.

CYAN reviewed the organisation’s security posture, resilience, and supporting controls, then helped identify the gaps that could affect eligibility for MOD and wider government tenders.

This gave the business something it had not previously had: a clearer view of where it stood, what needed attention, and how to approach the work in a structured way.

Phase 2: Strengthen controls and support certification

Once the main gaps were clear, the focus shifted to improving the environment and putting the right measures in place.

CYAN helped terra firma strengthen security controls, formalise key policies, and work towards Cyber Essentials Plus so the business could demonstrate that it had the right systems in place to reduce risk.

This was not about adding complexity. It was about making the environment more defensible, more consistent, and easier to stand behind in tender discussions.

What stood out was how clearly CYAN translated a difficult process into something practical. They helped us build confidence in our answers, our documentation, and the way we presented ourselves.

Phase 3: Support tender readiness with clearer confidence

CYAN’s role did not end once the controls were in place.

We continued to support terra firma as the business prepared tender responses, helping leadership feel more confident in how requirements were being interpreted and how the organisation’s environment was being represented.

That ongoing support mattered. For businesses moving into government work, confidence comes not from guessing well, but from knowing the environment, documentation, and responses will stand up properly when examined.

The transformation

Today, terra firma is in a stronger position to pursue MOD and wider government opportunities.

That means:

• a more secure and better-documented technology environment
• clearer controls and policies to support tender requirements
• Cyber Essentials Plus achieved as part of a stronger compliance position
• more confidence in interpreting and responding to government tender questions
• a stronger footing for work involving greater scrutiny

It’s good to know we’ve got Cyber Essentials Plus in place. It’s going to be required for future work like MOD or Home Office contracts.

Long-term confidence

terra firma’s relationship with CYAN has continued because the support has remained dependable as requirements have evolved.

When the contract came up for renewal, the decision was not just about cost. It was about confidence in the quality of support, the strength of the relationship, and knowing the business could go to people who understood its environment and would help when it mattered.

CYAN also supported terra firma with the policies and administrative steps needed alongside the technical work, helping leadership move forward with greater confidence.

What this means for organisations like yours

If your business is moving towards work that carries greater scrutiny, your technology environment needs to stand up to more than day-to-day use.

It needs clear control, dependable security, and confidence in how requirements are being handled. Not just when someone asks the question, but before the question is asked.

If that feels harder than it should, it may be time for a more structured approach.

Even if you were a little bit more expensive, the quality we felt was worth sticking with. We know that if we’ve got issues, we can go straight to the team and say, we’re having this issue, can you help us out here? Having that confidence that we can do that is really important to us.

Start a practical conversation
No pitch. No pressure.