Cyber Essentials Made Simple for a Creative Agency

Speakeasy is a Scottish video and events company trusted by government departments and leading brands. It creates corporate films and animations for internal communications, brand, education, training and recruitment. The team also manages events and exhibitions from concept to delivery.

Speakeasy pursued Cyber Essentials accreditation to meet public-sector assurance requirements and give clients, including the Scottish Government, clear confidence in its security posture.

The team already followed sensible practices (strong passwords, a Mac-based workflow and modern cloud services), but much of this had evolved organically and wasn’t documented in formal policy or evidence.

The initial accreditation involved interpreting a broad question set in the context of a cloud-based creative workflow, defining the scope and translating day-to-day practices into the documented policies, processes and evidence required by the scheme.

As Cyber Essentials continued to evolve, with updated question sets and a stronger emphasis on multi-factor authentication (MFA), ensuring continued compliance became a regular part of their operational priorities.

Grant McGregor provided a guided, clear route to Cyber Essentials Certification and renewal:

• Expert interpretation of Cyber Essentials requirements, tailored to a small creative business.
• Policy and documentation support: turning informal practices into clear, auditable IT processes.
• Practical security improvements such as stronger password management, multi-factor authentication (where available) and a structured approach to keeping devices and software up to date.
• Annual renewal guidance: explaining questionnaire changes and flagging the areas that needed extra attention each year.