Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. It covers five key technical controls that organisations should have in place to provide a basic level of cyber security.
Our NCSC approved accredited team members offer you flexible support tailored to your needs.
Cyber Essentials is increasingly becoming a minimum requirement for both B2B and B2C organisations.
Experience in developing, integrating, and supporting security critical environments.
We pride ourselves on the number of times clients contact us for follow up audits or additional work.
Cyber Essentials certification demonstrates a base-level appreciation of cyber security within your organisation. The assessment process comprises of an online questionnaire being completed by the organisation, which captures information that supports the five controls being in place. Once the questionnaire has been submitted, an accredited Cyber Essentials assessor examines the responses to ensure that these are line with the list of requirements produced by the NCSC (National Cyber Security Centre). If successful, the organisation will be awarded Cyber Essentials certification.
Within the Cyber Essentials scheme, there are five control categories which cover the five most-prominent cyber risks that affect organisations. These controls include the following:
A firewall should be in place between the Internet and your organisation’s internal network.
Default passwords should be changed, and all passwords should be suitably complex to prevent them from being guessed.
Access to your organisation’s data should be controlled through correctly assigned user accounts.
A robust anti-malware solution should be applied to prevent servers and end-user devices from being infected with malicious software.
All security updates and patches should be applied to devices and installed software.
Cyber Essentials Plus builds on the requirements that are mandated by the Cyber Essentials certification and includes an active assessment that is conducted at your organisations premises. The Cyber Essentials Plus assessment requires that organisations already have Cyber Essentials certification and includes a number of specific tests which validate that a subset of the five control categories are implemented correctly.
A successful pass in each of the following tests allows for organisations to be awarded the Cyber Essentials Plus certification:
A vulnerability assessment is conducted against your organisation’s Internet-facing services.
An automated patch audit is conducted on your internal servers and workstations.
A configuration review is conducted of your anti-malware solution.
A test is conducted to assess if malicious files can be sent into your organisation through email attachments.
A test is conducted to assess if malicious files can be downloaded by your users from a potentially malicious server on the Internet.
Cyber Essentials Pricing
If you’re ready to get started with your Cyber Essentials certification, you can book your assessment with a debit or credit card through our online booking system. Our online payments are securely processed by our 3rd-party payment provider – Stripe.
Cyber Essentials Questionnaire Included
External Vulnerability Scan
Internal Vulnerability Scan
Workstation Assessment
Cyber Essentials Plus Results Repor
Certification
Cyber Essentials Questionnaire Included
2 hour Webinar Assistance
External Vulnerability Scan
Internal Vulerability Scan
Workstation Assessment
Cyber Essentials Plus Results Report
Certification
Cyber Essentials Questionnaire Included
Fully Supported With Access To A Trained Assessor
External Vulnerability Scan
Internal Vulerability Scan
Workstation Assessment
Pre Assessment Gap Analysis Report
Cyber Essentials Plus Results Report
Certification
Some frequently asked questions about our assessment process and the Cyber Essentials scheme in general have been answered as follows:
The Cyber Essentials process requires you to complete an online questionnaire which asks a number of questions and requires appropriate evidence to be added. Once this questionnaire has been completed, one of our assessors will review the answers to determine if your organisations cybersecurity is adequate.
We aim to issue our questionnaires to customers on the same day that we receive the online booking and then review the answers on the same day that we receive a completed questionnaire. Although it is very much dependant on our customers completing the questionnaires, we can usually turn around a Cyber Essentials certification in less than a week.
For Cyber Essentials Plus assessments, this depends on our consultants availability to perform the onsite assessment; however, we are normally able to deliver a Cyber Essentials Plus assessment within a 1-2 week window.
Absolutely! Many of our customers have already achieved Cyber Essentials elsewhere and are looking into obtaining Cyber Essentials Plus. It may be that your previous Certification Body couldn’t offer you the Cyber Essentials Plus certification.
Once we start the assessment process, we will ask you to send us your existing Cyber Essentials certificate. We may also need to ask you some additional questions about your organisation and environment, which would otherwise have been answered on your original CE questionnaire.