Cyber Essentials Plus is a UK Government standard for technical controls to help organisations improve the level of IT infrastructure security and guard your organisation against cyber attack. This certification requires you to have an independent audit of your systems.
This scheme is designed to help organisations prevent highly common internet-based attacks and to implement the right controls to protect the confidentiality, integrity, and availability of data stored on all internet-facing devices.
Cyber Essentials certification is a simple process to help your business guard against common cyber threats. You will need to complete a self-assessment questionnaire, which is assessed by a British Assessment Bureau assessor. They will independently check your completed questionnaire to ensure that you have in place the recommended FIVE key cyber controls necessary to protect your organisation from the most common cyber attacks.
Cyber Essentials Plus certification still has the same basic principles as Cyber Essentials but will have a more rigorous test of your organisation’s cyber security systems. It will require a hands-on technical verification with a qualified assessor to check your eligibility for Cyber Essentials Plus certification.
Becoming Cyber Essentials Plus certified confirms that you have been independently audited, have addressed your cyber security effectively, have reduced the risk from internet-based threats, and have met the standards set by the Cyber Essentials scheme.
Certification gives assurance to stakeholders that you demonstrate compliance with the FIVE key controls, protecting your organisation against cyber threats, and this reassurance may help with winning new business. Depending on the industry sectors you work within, central government contracts require Cyber Essentials certification as a minimum.
Protecting your organisation against the majority of common cyber attacks demonstrates to stakeholders your commitment to keeping their data secure which can lead to business retention and potentially new business.
A higher level of security across your systems helps drive business efficiencies throughout your organisation, improving productivity through streamlined processes and reduced operational costs.
Bid for UK central government contracts that involve the handling of personal and sensitive information.
Reduce your insurance premiums by improving your resilience to cyber threats.
This all depends on your organisational needs. If you are looking to work within the public sector and bid for central government contracts, then they will ask for Cyber Essentials as a minimum. If you hold sensitive data and want to demonstrate that your organisation is compliant with cyber security and takes data protection seriously, then you may want to also achieve Cyber Essentials Plus certification.
Become Cyber Essentials Plus certified through these simple steps
More details on cyber security and the Cyber Essentials and Cyber Essentials Plus scheme can be found at the National Cyber Security Centre website.
You can download a copy of the self-assessment questionnaire here and you can find further guidance on the National Cyber Security Centre website.
The Cyber Essentials question set is part of the Cyber Essentials Plus certification process. Cyber Essentials Plus covers the same checks as the Cyber Essentials scope but involves a technical audit of the systems. This includes a representative set of user devices, all internet gateways, and all servers with services accessible to unauthenticated internet users. If you have achieved the basic level Cyber Essentials certification less than 3 months before certifying to Cyber Essentials Plus and nothing has changed, you will not need to repeat the self-assessment questions stage. The assessor will check that you still meet the FIVE security requirements of Cyber Essentials before proceeding with Cyber Essentials Plus certification.
The Cyber Essentials self-assessment forms part of the application for Cyber Essentials Plus and is processed at the same time. You must meet the minimum requirements of Cyber Essentials before we process the Cyber Essentials Plus application, and you must complete the Cyber Essentials questionnaire, which will verify your compliance as part of achieving Cyber Essentials Plus.
To apply for Cyber Essentials Plus you must possess a Cyber Essentials certificate, supply a copy of the Cyber Essentials questionnaire submitted, and confirm that no changes have been made to your controls since that submission.
Cyber Essentials Plus assessments involve a technical audit of the system and must be quoted individually. You can request a quotation here.
You will need to complete and pass the Cyber Essentials requirements, and once we have carried out the technical audit, we aim to return a report as quickly as possible. It may take up to five working days from the time you submit your assessment.
You can take as long as you want to start your assessment. Once you have started it, you need to complete it including any corrective actions identified by your assessor within one month.
If you fail the assessment, we will supply a report back with the answers you gave along with the assessor feedback. This should help you improve your security so you can pass again in the future. You will have 30 days for the remediation of any components of the assessment which received fail status.
Yes, organisations overseas can get certified; contact us now.
Certificates expire after 12 months; therefore, we recommend you seek to renew your certification before expiry.
We will email you with a reminder before your expiry date to check your situation and if you want to proceed with another year’s certification.
If you have made no significant changes to your security setup, you may wish to copy and paste the details from the previous year’s submission into the self-assessment questionnaire. You will still need to book your technical audit and wait for the report which may take up to five days.
This will depend on your motivations for being certified. If you are asked to be Cyber Essentials Plus certified, an ISO 27001 certification, although more comprehensive, will not show that your security levels are up to the National Cyber Security Centre (NCSC) standards.
ISO 27001 is an international standard that provides specifications for an ISMS (Information Security Management System), a systematic approach to managing information security risk. It goes considerably further than Cyber Essentials, but they are complementary to one another.
Some government contracts may require you to be Cyber Essentials certified as a minimum; it is important that you seek clarification for each contract.
Cyber security firm IASME was chosen by the National Cyber Security Centre (NCSC) to take over full responsibility for Cyber Essentials delivery and become the Cyber Essentials Partner with the NCSC. The IASME Governance standard allows small companies in a supply chain to demonstrate their level of cyber security cost-effectively to show that they are taking the steps to properly protect their customers’ information.
We understand that certification can appear daunting. Our experts are here to make sure that the process is as smooth as possible and that you gain maximum benefits.