Home Case Studies
Client Stories

Real Businesses.
Real Results.
South Wales.

How OrenTech has transformed IT and cybersecurity for regulated professional services firms — delivering predictable costs, enterprise-grade protection, and technology that actually works for the business.

Read Case Studies Discuss Your Business
All Sectors Accountancy Legal Dental Financial Services
Across All Client Engagements
"Every client we work with had the same problem: technology that wasn't working hard enough for their business."
100%
UK GDPR compliant
0
Breaches to date
£0
Surprise invoices
01
Chartered Accountants
Griffiths & Parry LLP
Cardiff
Achieved Cyber Essentials+, eliminated unpredictable IT costs, and secured client data across 3 offices.
Read case study →
02
Solicitors
Bevan & Thomas Solicitors
Newport & Cwmbran
SRA-compliant IT and cybersecurity, ransomware attempt blocked, and 40% reduction in IT spend.
Read case study →
03
Dental Practice
Valleys Dental Group
Merthyr Tydfil
NHS DSP Toolkit submission supported, patient data secured, and clinical systems stabilised across 4 surgeries.
Read case study →
04
Financial Advisers
Cambrian Wealth Management
Swansea
FCA-aligned security posture, dark web monitoring, and a technology overhaul that reduced adviser admin time by 30%.
Read case study →
Chartered Accountants · Cardiff

Griffiths & Parry LLP

Cardiff Bay & City Centre · 38 staff · 3 partners · Est. 1987

A long-established Cardiff accountancy practice serving over 400 SME clients across South Wales. Regulated by ICAEW and handling sensitive client financial data daily across three offices. Their previous MSP had delivered years of unpredictable invoices, three separate security tools nobody fully understood, and a near-miss ransomware incident that finally prompted a change.

Outcomes at a Glance
Cyber Essentials+
Achieved within 90 days of onboarding
£14,200
Annual IT cost reduction vs previous MSP
3 → 1
Security tools consolidated into Cynet XDR
Plan: Business Secure

The Challenges

  • IT invoices varied by £2,000–£4,000 month to month with no predictability
  • Three separate security tools: AV, email filter, and backup — none integrated or monitored
  • A phishing email had led to a compromised staff account — discovered only by chance
  • ICAEW audit raised concerns over data handling and access controls
  • Staff working from home post-pandemic with no formal remote access policy
  • Microsoft 365 licences were over-allocated — paying for 12 more seats than needed

The OrenTech Solution

We began with a full infrastructure and security audit across all three offices. Within 48 hours of onboarding, SuperOps RMM gave us visibility of every device. Cynet XDR replaced the three disconnected security tools in a single deployment — with immediate 24/7 SOC coverage.

We conducted an M365 licence audit on day one, right-sizing from 50 to 38 seats and recovering £3,600 in annual spend. Conditional access policies and MFA were enforced across all accounts within the first week.

We then prepared and supported Griffiths & Parry's Cyber Essentials+ application — managing the technical evidence, gap remediation, and assessor liaison from start to certification in 90 days.

Cynet XDR SuperOps RMM M365 Optimisation Cyber Essentials+ MFA Enforcement Conditional Access Remote Access Policy
"We'd had IT support for years but never felt like anyone was looking after us strategically. OrenTech came in, told us exactly what was wrong, fixed it, and gave us a bill we could actually predict. The Cyber Essentials certification was a bonus we hadn't expected to achieve so quickly."
Managing Partner · Griffiths & Parry LLP · Cardiff
90
Days to Cyber Essentials+
£14.2k
Annual saving vs old MSP
100%
MFA adoption (staff)
Zero
Security incidents post-onboard
Solicitors · Newport & Cwmbran

Bevan & Thomas Solicitors

Newport & Cwmbran · 52 staff · 6 partners · Est. 2003

A two-site solicitors practice regulated by the SRA, handling conveyancing, family law, and commercial property across Newport and Cwmbran. Law firms are among the most targeted by cybercriminals — specifically for the high-value client funds held during property transactions. When a ransomware attempt was blocked by their then-current AV, Bevan & Thomas realised they had escaped through luck, not design.

Outcomes at a Glance
Blocked
Ransomware variant detected and isolated within 4 seconds by Cynet
40%
Reduction in total annual IT spend
SRA Ready
IT and security controls mapped to SRA Cybersecurity Standards
Plan: Compliance Elite

The Challenges

  • A ransomware variant had partially executed before being stopped — no forensics or root cause analysis available
  • Conveyancing team using unencrypted email for client fund instructions — a critical SRA compliance failure
  • Two separate IT suppliers across two offices with no unified visibility or management
  • No formal IT security policy, no documented access controls
  • Practice management software on an unsupported server with no backup verification
  • Paying for 52 M365 Business Basic licences when the practice needed Business Premium

The OrenTech Solution

The ransomware incident made speed essential. We onboarded Bevan & Thomas within 72 hours, deploying Cynet XDR across all 52 endpoints at both sites simultaneously. Within 24 hours of deployment, Cynet detected and blocked a second attempted intrusion from the same threat actor — confirming the original incident had left a persistent backdoor their previous AV had missed entirely.

We consolidated management of both sites under SuperOps, established encrypted email workflows for client fund instructions, and upgraded the M365 estate to Business Premium — unlocking Defender capabilities and actually reducing overall licensing cost through right-sizing.

A full SRA Cybersecurity Standards gap analysis was produced and remediated, giving the partners documented evidence of compliance and a defensible position in the event of any future SRA inspection.

Cynet XDR M365 Business Premium SRA Standards Mapping Encrypted Comms Datto BDR Unified Site Management Incident Response
"When Cynet detected a second attack within 24 hours of going live, we realised how exposed we'd been. OrenTech didn't just fix the problem — they showed us exactly what had happened, why, and what they'd done about it. That transparency is what we needed."
Senior Partner · Bevan & Thomas Solicitors · Newport
4s
Threat isolation time
40%
IT cost reduction
2
Attacks blocked in week 1
SRA
Standards compliant
Dental Practice · Merthyr Tydfil

Valleys Dental Group

Merthyr Tydfil, Aberdare & Treorchy · 4 surgeries · 31 staff

A growing multi-site NHS and private dental group across the Valleys, subject to NHS DSP Toolkit obligations and handling patient data under UK GDPR. Clinical systems — patient records, X-ray imaging, appointment management — were running on ageing hardware with no centralised management, no verified backup, and an annual NHS DSPT submission the practice manager described as "a nightmare we dread every year."

Outcomes at a Glance
DSPT
NHS DSP Toolkit submission completed on time with zero findings
4 Sites
Unified under single management platform — first time ever
Zero
Clinical system outages in 12 months post-onboarding
Plan: Compliance Elite

The Challenges

  • Four completely separate IT setups — each site managed by a different local IT person
  • Clinical imaging system running on Windows 7 — end-of-life, unpatched, unprotected
  • No verified backup — last restore test had never been performed
  • Previous year's NHS DSPT submission was marked "approaching standards" — a risk to NHS contract
  • Patient data being shared via unencrypted USB drives between sites
  • Staff using personal email to send patient appointment information

The OrenTech Solution

We began with a full clinical IT audit — mapping every device, every data flow, and every compliance gap across all four sites. The priority was the Windows 7 imaging system: we worked with the clinical software vendor to validate migration to a supported OS without disrupting the imaging database, eliminating the most critical security risk within 3 weeks.

SuperOps brought all four sites under unified management for the first time, giving visibility of every device from a single dashboard. Datto BDR was deployed with image-based backup and a first verified restore test completed within week two.

We then worked through the NHS DSPT requirements systematically — producing evidence packs, updating policies, training staff, and managing the formal submission. The result: "Standards Met" on the first submission under OrenTech management.

NHS DSPT Support Datto BDR SuperOps RMM Clinical System Migration Cynet XDR Encrypted File Transfer Staff Training
"The DSPT used to take our practice manager weeks of stress every year and we still didn't feel confident in the result. OrenTech handled it alongside everything else — it felt like nothing. We got 'Standards Met' and barely had to think about it."
Principal Dentist · Valleys Dental Group · Merthyr Tydfil
Standards Met
NHS DSPT result
3 weeks
Legacy OS remediated
0
Outages in 12 months
4 → 1
IT suppliers consolidated
Independent Financial Advisers · Swansea

Cambrian Wealth Management

Swansea City Centre · 18 staff · 4 advisers · FCA authorised

A Swansea-based IFA practice managing over £120m in client assets, directly authorised by the FCA and subject to strict data security and operational resilience requirements. As a smaller firm operating in a heavily regulated environment, Cambrian had accumulated technology debt — multiple disconnected systems, manual processes that consumed adviser time, and a cyber posture that would not have survived FCA scrutiny.

Outcomes at a Glance
30%
Reduction in adviser administrative time through M365 adoption
FCA Aligned
Cyber posture mapped to FCA operational resilience guidance
3
Dark web credential exposures detected and remediated in year one
Plan: Compliance Elite

The Challenges

  • Advisers spending 6–8 hours per week on manual document handling that M365 automation could eliminate
  • No dark web monitoring — two adviser email addresses found on breach databases during initial assessment
  • Client data stored on local desktops with no centralised control or access audit trail
  • FCA's operational resilience guidance had not been reviewed against existing IT controls
  • Previous IT provider had never produced a business continuity or disaster recovery plan
  • Staff sharing passwords for a legacy CRM system — a compliance and security failure

The OrenTech Solution

The immediate priority was the two compromised email addresses found during the dark web scan — we forced password resets, reviewed account activity for suspicious access, and enrolled both users in Cynet's continuous identity monitoring within 2 hours of discovery.

We then led a full M365 optimisation engagement: migrating client documents to SharePoint with granular access controls, deploying Teams for internal workflow, and working with advisers directly to automate document generation and approval workflows. The result was measurable time recovered — 30% fewer hours per adviser per week spent on administrative tasks.

A formal FCA operational resilience gap analysis was produced, covering important business services, impact tolerances, and the IT controls supporting them. This gave Cambrian a defensible documented position for regulatory purposes and identified two additional resilience improvements we subsequently implemented.

Dark Web Monitoring M365 Adoption Programme Cynet Identity Protection FCA Resilience Mapping SharePoint Migration Datto BDR Access Audit Controls
"Finding out two of our adviser email addresses were on breach databases during the very first assessment was a wake-up call. But more than the security work, it's the time OrenTech has given back to our advisers. That directly translates into more client time and more revenue."
Managing Director · Cambrian Wealth Management · Swansea
30%
Adviser time recovered
3
Credentials remediated
2hrs
Time to remediate breach
FCA
Resilience documented
Regulated Sectors

Industries We Specialise In

OrenTech's compliance experience spans the regulated professional services sectors most common across South Wales.

Accountancy & Tax
ICAEW and ACCA regulated practices. Client financial data, HMRC access controls, and the elevated phishing risk that comes with trusted financial relationships.
ICAEW · UK GDPR · Cyber Essentials
Legal & Conveyancing
SRA regulated solicitors handling client funds, confidential instructions, and property transactions — among the most targeted sectors for cybercrime in the UK.
SRA Standards · UK GDPR · Cyber Essentials
Dental & Healthcare
NHS and private practices with patient data obligations, clinical system dependencies, and annual NHS DSP Toolkit submission requirements.
NHS DSPT · UK GDPR · CQC
Financial Services & IFAs
FCA directly authorised and appointed representative firms managing client assets and subject to operational resilience requirements.
FCA · UK GDPR · Cyber Essentials+
Your Business Could Be Next

See What OrenTech
Can Do For Yours.

Gadewch i ni ddechrau sgwrs — Let's start a conversation

Every client in these case studies started with the same conversation: a free, honest assessment of where their technology and security actually stood. No obligation. No sales script. Just clarity.

Book a Free Assessment View Plans & Pricing
hello@orentech.co.uk · 01443 551935 · Based in South Wales · orentech.co.uk