Please note, to complete Cyber Essentials Plus, companies must have gained the basic Cyber Essentials certification within the last 3 months.
1 Free cyber insurance available to UK companies with a turnover of less than £20M.
2 Remote support limited to ½ day via telephone, email or video conferencing. Additional days are available at our standard rate.
3 On-site support limited to 1 day. Additional on-site days are available and chargeable at our standard rate.
4 Up to 10 IP addresses.
5 Up to 10 workstations (device builds).
Cyber Essentials looks at five key areas of cybersecurity to ensure your business is operating to strong security standards. These areas are:
A Cyber Essentials assessment consists of completing a questionnaire covering the five key technical controls. Cyber Essentials Plus goes a step further and also includes a vulnerability scan of the externally facing devices in scope, a workstation assessment and an internal vulnerability scan.
Yes, you must achieve Cyber Essentials first before you can achieve Cyber Essentials Plus.
Ideally yes, although in certain circumstances, it can be done remotely.
If all your workstations are from a common build, we only need to undertake sample-based testing. However, if your organisation has multiple build types and you support BYOD (Bring Your Own Device), then each one will require testing individually.
Yes. Cyber Essentials focuses on fundamental IT controls, whereas ISO 27001 takes a more holistic approach, incorporating policies and procedures. As ISO 27001 is much more involved, you’ll find it easier to obtain Cyber Essentials/Cyber Essentials Plus certification if you’re already ISO 27001 compliant. We recommend achieving Cyber Essentials in addition to ISO 27001 as it demonstrates your commitment to good security practices, and some businesses/customers may only look for your Cyber Essentials certification, or may not understand the difference between Cyber Essentials and ISO 27001.