Skip to main content
Cyber essentials plus certification body

Cyber Essentials assurance scheme

Helping to protect your organisation from cyber attacks

Cyber Essentials is a simple but effective government-backed certification scheme, managed by the NCSC (National Cyber Security Centre), designed to help businesses of all sizes protect themselves from the most common cyber threats.

A survey in March 2021 reported that nearly 40% of UK businesses and charities reported a cyber-attack during the previous year, and it’s not just big businesses being targeted, small businesses are at risk too.

A cyber attack can maliciously disable devices, steal data, or use a compromised device as a launch point for other attacks. But it can also do so much more than that. The long term implications are huge. A security incident can have devastating consequences when taking into account lost revenue, lost customer and employee trust, regulatory fines and damage to an organisation’s reputation.

Cyber Essentials demonstrates a commitment to cyber security

Cyber Essentials helps you to guard your organisation against cyber attack plus gives reassurance to your stakeholders that your organisation is serious about cyber security:

  • Reassure staff, customers and partners that you are working to secure your organisation against cyber attacks
  • Give confidence that you are taking steps to protect sensitive data held within your organisation
  • Provides your management team with a clear picture of your organisation’s cyber security level
  • Helps you to attract new business with the promise you have the appropriate cyber security measures in place
  • If you are planning to bid for central government contracts which involve handling sensitive and personal information, you will require Certification

Cyber Essentials focuses on the most common cyber threats

The scheme focuses on 5 different areas of cyber security, which when correctly deployed, will protect your organisation from the most common cyber security threats:

  1. Firewalls – ensuring that your boundary firewalls are configured to allow only authorised inbound and outbound traffic
  2. Secure configuration – ensuring that security controls have been agreed upon and implemented will help to reduce configurations in default settings
  3. User access controls – making sure that user accounts are configured with only the level of access which is needed.
  4. Patch Management – ensuring that all software is kept up to date with the latest security updates
  5. Malware management – Making sure you have proper malware protection in place on all devices

Cyber Essentials can be gained through self assessment

Certification offers a self-assessment option that gives you peace of mind that your defences will protect against the vast majority of common cyber attacks, and will deter unwanted attention from more sophisticated attacks. Cyber Essentials self assessment certification costs £300+ vat, and if successful certification is valid for 12 months.

Cyber Essentials certification is undertaken through self assessment via an on-line portal. Organisations assess themselves against the five basic security controls and then Infosec Partners, as a qualified assessor, verifies the information you have provided and if you are successful you will be awarded a certification. If you started the certification process before 24 April 2023, the self assessment questions are available to view here.  For oganisations starting the certification process after 24 April 2023 the new question set is here. Please note these questions are for information only. If you want to be assessed you cannot simply submit these question sets to us. You must apply online for an assessment and submit your answers through the portal.

IASME is the NCSC’s Cyber Essentials Partner, responsible for the delivery of the scheme. Infosec Partners are trained and licensed by IASME to certify against the Government’s Cyber Essentials Scheme. We are also available to offer consulting and support services to help you achieve Cyber Essentials Certification.

Take the stress out of self assessment certification

Some of the self-assessment questions can be difficult to understand if you do not have a technical IT background or have a complex company IT structure.

As a Cyber Essentials Certification Body, Infosec Partners offers consultancy support to help you through each step of the Cyber Essentials certification process:

  • to help you understand the assessment questions and how they relate to your organisation
  • identify what steps you need to take in order to achieve certification
  • work with you to identify and resolve any potential areas of weakness

If your organisation needs additional support in completing and submitting the assessment we can also:

  • perform a pre-assessment check to highlight any areas that require attention before you submit your final assessment
  • carry out self assessments on behalf of existing clients

Extend your  Certification with Cyber Essentials PLUS

Cyber Essentials PLUS is the highest level of certification offered under the Cyber Essentials scheme.

This extended certification also covers the 5 core areas of cyber security however it involves a more rigorous hands-on verification of an organisation’s cyber security systems. A series of tests and vulnerability scans are undertaken by our trained cyber security assessors, to confirm that all controls declared in Cyber Essentials self-assessment are implemented on your organisations network.

All organisations must have Cyber Essentials Verified Self-Assessed certification dated within 3 months prior to applying for Cyber Essentials PLUS, alternatively, you can complete the online Cyber Essentials self-assessment as part of the Cyber Essentials PLUS certification.

Cyber essentials logo

FREE Cyber Essentials Certification CONSULTATION

Contact us today for expert guidance on Cyber Essentials Certification.

Please leave a few contact details and one of our Trusted Advisors will get back to you. Or call us to speak with someone immediately:

+44 (0)203 892 4812

    Cyber Essentials benefits

    It shows your commitment to security; demonstrating to your business partners, regulators and suppliers that you take cyber security seriously.
    It is a mandatory requirement for government suppliers and for all public service contracts.
    It enables you to safeguard commercially sensitive data.
    It protects your company’s profits and reputation by avoiding the financial implications any negative publicity associated with a cyberattack.
    It gives you a competitive advantage, particularly in comparison to rivals without accreditation.

    Cyber Essentials Frequently Asked Questions

    can I see the online assessment questions before starting the assessment process?

    Yes, you can download a copy of the assessment questions here. Tis is the new question set which is effective for all starting the certification process from 24 April 2023.

    How will my submission be assessed?

    Infosec Partners are trained and licensed by IASME to certify against the Government’s Cyber Essentials Scheme. As a qualified assessor, we will verify the information you have provided via the online portal.

    How long does it take to get certification?

    How quickly you achieve the Certification however depends on:

    • How well you know your systems and processes
    • The level of effort and resource you can apply to preparing and submitting the assessment.
    • In essence, how quickly you can demonstrate that you can meet the requirements.
    • If your self assessment passes then you will receive certification within 24 hours, if further work is required then certification will take longer.

    How do I ensure that I pass?

    We offer a consultancy service and can work with you in advance of your assessment to ensure that everything is in order. Get in touch with the Infosec Partners team for more information.

    How long do i have to complete the assessment on the online portal?

    Once your access to the online portal has been setup, you will have 6 months to complete the self-assessment, any longer than this and your access to the portal may be denied and additional costs may be incurred.

    How long does it take for my submission to be assessed?

    We aim to assess all submissions within 24 hours.

    If my organisation fails the self assessment, can we retake the assessment at no extra cost?

    If you complete the self-certification and fail, you are allowed two working days to examine the feedback from the assessor and change any simple issues with your network and policies. You can then provide the updated answers to the assessor who will review. If you still fail the certification after these two days, you will have to reapply and pay the assessment fee again.

    Close Menu