Skip to main content
Cyber essentials plus certification body

Cyber Essentials PLUS assurance scheme

Extend your Cyber Essential Certification with Cyber Essentials PLUS

Cyber Essentials PLUS is the highest level of certification offered under the Cyber Essentials scheme. Cyber Essentials is a simple but effective government-backed certification scheme, managed by the NCSC (National Cyber Security Centre), designed to help businesses of all sizes protect themselves from the most common cyber threats.

Like the standard self-certification Cyber Essentials scheme, this extended certification also covers the 5 core areas of cyber security to protect businesses from the most common cyber attacks.

However the Cyber Essentials PLUS certification involves a more rigorous hands-on verification of an organisation’s cyber security systems. A series of tests and vulnerability scans are undertaken by our trained cyber security assessors, to confirm that all controls declared in Cyber Essentials self-assessment are implemented on your organisations network.

Certification will not only give you complete peace of mind that your cyber security is up to scratch, your customers will also be assured that you take their security seriously.

About Cyber Essentials PLUS

Cyber Essentials PLUS helps you to guard your organisation against cyber attacks plus gives reassurance to your stakeholders that your organisation is serious about cyber security:

  • All organisations MUST have Cyber Essentials Verified Self-Assessed certification dated within 3 months prior to applying, alternatively, you can complete the online Cyber Essentials self-assessment as part of the Cyber Essentials PLUS certification.
  • The cost of an  assessment will depend on the size and complexity of your network.
  • Assessment tests and vulnerability scans can be undertaken remotely or on-site.
  • An assessor from Infosec Partners will often have to visit your head office and a representative sample of your other offices in order to carry out the tests.
  • If remediation of issues is required, you have 30 days to undertake to avoid resubmission fees. Failure to complete remediation in this time will result in a fail.
  • You will need to renew your certificate annually as it expires after twelve months.

Get Cyber Essentials PLUS Certification

Licensed by The IASME Consortium, as a certification body we support organisations of all sizes to achieve a good baseline level of cyber security that meets the requirements of the schemes.

Our security experts are accredited Cyber Essentials and Cyber Essentials PLUS Assessors. We can also act as consultants to help you achieve the certification.

We can help take the stress out of achieving Cyber Essentials PLUS

If you are unsure if your organisation has achieved the required standards for Cyber Essentials PLUS, InfoSec Partners offers consultancy support to help you through the process:

  • We can perform a pre-audit of your network to ensure that all controls declared in Cyber Essentials self-assessment are implemented on your organisations network.
  • We gain an understanding of your current posture and identify any gaps.
  • Our experienced industry experts will advise and consult on best practices and any changes required to achieve Cyber Essentials PLUS certification.
  • Once we feel your organisation is ready we would then arrange the final audit, giving peace of mind that you will pass.
Cyber essentials plus certified logo


Contact us today for expert guidance on Cyber Essentials PLUS Certification.

Please leave a few contact details and one of our Trusted Advisors will get back to you. Or call us to speak with someone immediately:

+44 (0)203 892 4812

    Cyber Essentials plus benefits

    Protect your business against the most common cyber-attacks with government backed certification.
    Demonstrates to your customers your commitment that you take cyber security seriously.
    Bid for Government, Ministry of Defence and NHS contracts.
    Peace of mind that your defences will protect against most of the common cyber-attacks.
    Attract new business with the promise you have cyber security measures in place.
    Certification includes automatic cyber liability insurance for any UK organisation who certifies their whole organisation and have less than £20m annual turnover (terms apply).

    Cyber Essentials Plus FAQS

    Does my organisation need cyber essentials certification before undertaking cyber essentials plus?

    The Cyber Essentials PLUS assessment verifies the controls detailed in the Cyber Essentials self-assessment questionnaire, therefore Cyber Essentials Certification is required before you can apply for Cyber Essentials PLUS. After achieving Cyber Essentials, organisations have a three-month window to schedule their Cyber Essentials PLUS assessment. Alternatively, you can complete the online assessment as part of the Cyber Essentials PLUS Certification.

    What is involved with the assessment?

    Cyber Essentials PLUS offers a higher level of assurance as it includes a technical audit of your organisations Cyber Essentials certification, with the aim being to confirm that all controls declared in Cyber Essentials self-assessment are implemented on your organisations network, including:

    • Authenticated vulnerability scanning of representative user endpoints, including internet-facing servers.
    • Vulnerability scanning of external internet-facing infrastructure.
    • Password guessing of exposed authentication services.
    • Email attachment tests.
    • Web browser download checks.
    • Review of mobile devices such as smartphones and tablets.

    Assessments will be undertaken on-site or remotely, as arranged with yourselves, across your entire network, testing a range of devices, internet gateways and servers.

    Can my organisation see the assessment criteria in advance?

    Preparation is key. In advance of your assessment we will agree the scope of the assessment with you – the organisation or business unit, the network boundary and the physical locations. Please note this needs to be consistent with the Cyber Essentials Certification you need to already hold. We will also confirm the tests that will be involved.

    We can provide additional guidance to ensure your are prepped, plus undertake analysis such as pre-audit scans, to highlight any issues before the certification assessment is initiated.

    Who conducts the cyber essentials plus assessment?

    Assessments and certificates can only be conducted by certification bodies that have been trained and are currently licensed by IASME to certify against the government’s scheme.

    Infosec Partners are trained and licensed by IASME to undertake certifications, therefore your assessment will be undertaken by Infosec Partners trained cyber security assessors.

    How is the cyber essentials plus assessment undertaken?

    Assessments can either be undertaken on-site or remotely.

    How long does the assessment take?

    This is determined by the size of your network and the number of devices that the Cyber assessor will need to test. In the majority of cases we can complete testing in one business day, and we’ll work out a schedule with you ahead of time to minimise downtime.

    Does certification expire?

    Certification is valid for 12 months only. After this time, you will have to undertake another assessment in order to renew your certificate.

    Close Menu