Cyber Essentials Plus was launched in 2014 by the UK government, specifically through the National Cyber Security Centre (NCSC) and the Department for Digital, Culture, Media and Sport (DCMS).
Cyber Essentials Plus is a more in-depth certification than Cyber Essentials, involving a rigorous test of your organisation’s cyber security systems as well as hands-on technical verification. It provides a higher level of assurance.
Cyber Essentials Plus can apply to organisations across all sectors, helping them to establish robust cyber defences and promote a culture of cyber security excellence.
Cyber Essentials Plus requirements guide you in establishing an effective cyber security framework for your organisation. There are five key technical controls across both Cyber Essentials and Cyber Essentials Plus:
To become Cyber Essentials Plus-certified, an organisation must hold an existing Cyber Essentials certification that is less than two months old.
Cyber Essentials Plus certification demonstrates that your organisation’s cyber security measures meet the respected Cyber Essentials Plus standard. It assures customers, partners and regulators that you consistently maintain strong security practices to protect against cyber threats.
Certification focuses on your cyber security measures, rather than the entire organisation.
Certification builds trust with clients and stakeholders, fulfils contract requirements and provides a competitive edge by showcasing your commitment to cyber security.
To achieve certification, follow these steps:
ISO 27001 is a comprehensive international standard for information security management systems, focusing on a wide range of security controls and risk management.
Cyber Essentials Plus is a UK certification that targets basic cyber security measures, with an emphasis on protecting against common cyber threats.
While ISO 27001 involves a detailed risk assessment and management process, Cyber Essentials Plus includes a hands-on technical verification to check that essential security controls are in place.
No, Cyber Essentials Plus is not a legal requirement.
However, some government contracts mandate it for suppliers and it helps organisations demonstrate their commitment to cyber security best practices.
Everyone can benefit from Cyber Essentials Plus! Organisations that handle sensitive data or wish to demonstrate a higher level of cyber security assurance can pursue Cyber Essentials Plus certification.
It is particularly beneficial for businesses looking to enhance their security posture and build trust with clients and partners who require verified cyber security measures.
Cyber Essentials Plus is primarily recognised in the UK, as it is a government-backed scheme.
However, its principles of basic cyber security measures are universally applicable, and it can be respected by international clients and partners who value verified cyber security practices, especially for businesses operating within or with the UK.
Cyber Essentials Plus certification is valid for one year. Organisations must undergo an annual assessment to maintain their certification, so that their cyber security measures continue to meet the required standards and adapt to evolving threats.
Yes, Cyber Essentials Plus is a worthwhile investment for many organisations in different sectors.
It provides a cost-effective way to enhance cyber security measures, improve data protection and demonstrate commitment to cyber security to clients and stakeholders. The certification can also open doors to new business opportunities, as some contracts and clients require it.
The cost of Cyber Essentials Plus varies depending on the size and complexity of the organisation and the chosen certification body. Typically, it ranges from a few hundred to a few thousand pounds. Organisations should contact accredited certification bodies to get specific quotes tailored to their needs and circumstances.