Cyber Essentials is a simple but effective, Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

You can apply for either certification. Whether you need one or the other will depend on your driving factor for getting certified. Some procurement bodies, particularly those in the UK public sector, will require that you have either Cyber Essentials or Cyber Essentials Plus. Alternatively, your stakeholders, such as customers, suppliers or insurance companies, may also require you to have either certification. You may also simply want the additional reassurance Cyber Essentials Plus gives that your IT Security is up to scratch.

If you’re not sure which option is right for your organisation, feel free to contact us for a discussion.

Cyber Essentials consists of a self-assessment questionnaire which is assessed by an approved certification body. The questionnaire assesses your organisation’s IT systems against five core controls: firewalls and gateways, malware protection, patch management, secure configuration, and access control.

Cyber Essentials Plus requires you to have already achieved Cyber Essentials certification and verifies the core security controls you have in place. Cyber Essentials Plus consists of a series of vulnerability assessments and malware response evaluations, ensuring that the controls you have described in the Cyber Essentials self-assessment questionnaire are working at an acceptable level.

There are many benefits, including:

• Reassure customers that you secure your IT against cyber attacks
• Attract new business with the assurance you have cyber security measures in place
• Give a clear picture of your organisation’s cyber security level
• Grow business as some public sector contracts and organisational supply chains require Cyber Essentials certification

In order to be eligible for the £25,000 Cyber insurance, organisations must meet the following requirements:

• The entire organisation is certified
• The organisation is domiciled in the UK
• The organisation’s annual turnover is under £20m

Cyber Essentials consists of a self-assessment questionnaire which is assessed by an approved certification body. The questionnaire assesses your organisation’s IT systems against five core controls: firewalls and gateways, malware protection, patch management, secure configuration, and access control.

The Cyber Essentials Plus assessment includes external vulnerability scans, internal authenticated patch audits of a sample of your estate, malware assessment and device configuration validation.

Of course! However, you must achieve Cyber Essentials Plus within 90 days of becoming Cyber Essentials certified. If you fail to do so, you’ll have to reapply for Cyber Essentials.

If you purchase one of our Cyber Essential Plus inclusive packages, we’ll plan to achieve both certifications within the 90-day period, meaning you shouldn’t have to reapply for your Cyber Essentials certificate.

No. While some of the answers you gave last year will still be valid, many will not. This is because Cyber Essentials asks questions about many changeable aspects of your IT systems, such as the current versions of software and operating systems you are using, numbers of workers, mobile devices in use, and more.

For this reason, we will always advise creating your renewal application from scratch.

Not necessarily. We provide a free readiness assessment to help you determine what you need to do to become certified. You can use this assessment report to help you decide how much support you’ll need from us. Our packages offer varying amounts of technical support to help you get across the line.

Cyber Essentials requires that all operating system software must be receiving regular security patches from the supplier. Windows 7 and Windows Server 2008 are end of life; however, it is possible to receive continuing security updates from Microsoft if you have an extended security update agreement in place.

Renewal is automatic.

Approximately three months in advance of your renewal date, one of our consultants will be in touch with the current question set. We recommend you begin completing the renewal process at this stage so that there is plenty of time to submit your answers for assessment and feedback, enabling you to maintain continuous compliance and certification for your organisation.

Our packages are either for Cyber Essentials or Cyber Essentials Plus, and the levels of support vary between each package. You should review the features of each package on our packages page.

Yes, absolutely. You can go ahead and purchase any package from us through our website and we’ll handle the transfer process, or if you would like to contact us to discuss your situation first, feel free.

You can also achieve Cyber Essentials Plus through us, even if you’ve already got Cyber Essentials through another certifying body.

On successful completion of your application to Cyber Essentials or Cyber Essentials Plus, you’ll be issued with a report including your certificate, as well as the relevant badge. We will also provide branding guidelines for use of the badge on your materials.

A Cyber Essentials or Cyber Essentials Plus certificate is valid for one year.

The cost of Cyber Essentials Plus starts at £1200. This assumes you’ll need little to no support in order to achieve the certification. This also includes Cyber Essentials certification if you don’t already have it.

If you require more support than standard, please contact us, and we will happily provide a quote based on your organisation’s circumstances.

We have three packages availble for Cyber Essentials, offering varying levels of support depending on your requirements. Our prices range from £350 to £950.