Industrial SMB in Vaucluse — full managed IT and ISO 27001 audit

« Before Hexceos we had an IT provider 80 km away, a separate cyber provider in Paris, and no one talked to each other. Now we have one steering committee, one invoice, and most importantly one team that answers. »

Context

An industrial SMB in Vaucluse (Provence, France), 90 staff, two production sites, opening of a new Italian subsidiary. The IT estate was fragmented — a local managed IT provider on office, a separate Parisian cyber provider on security, business applications maintained internally by a senior developer about to retire.

Triggers — a tender requiring ISO 27001, the Italian expansion forcing a redesign of cross-border data flows, and the looming departure of the only internal technical reference.

Scope delivered

• Full managed IT replacing the two existing providers — office, applications, network, security.
• 24/7 SOC with two named Hexceos contacts (one technical, one strategic).
• ISO 27001 audit with full support from gap analysis to certification.
• Architecture of data flows between France sites and the new Italian subsidiary (VPN, federated identity, intra-EU GDPR compliance).

Results

• −70% monthly IT user tickets, mainly from workstation stabilisation and MDM deployment.
• ISO 27001 certified in 9 months, unlocking the trigger tender signature.
• Italian subsidiary onboarded in 6 weeks with federated authentication and access to ERP applications at HQ.
• Spanish expansion triggered 8 months later, onboarded with the same playbook.

What changed

The CEO has a single contact for IT and cyber, present at quarterly board meetings. Budget arbitrations have become readable. The successor of the internal reference, recruited in parallel, could focus on business applications without taking on cyber.

Anonymised at the customer’s request. Figures presented reflect real measurements on a single customer between 2024 and 2026.