Cyber Essentials vs Cyber Essentials Plus
Choose the right level of certification for your organisation
Cyber Essentials
Self-assessment based certification verified by an assessor.
- Self-assessment based
- Lower cost option
- Faster certification
- Ideal for SMEs
Cyber Essentials Plus
Independent technical testing by an accredited certification body.
- Technical vulnerability testing
- Higher level assurance
- Malware protection validation
- Required for sensitive contracts
The Five Cyber Essentials Controls
Core technical controls targeting major cyber attack vectors
Firewalls
Block unauthorised network access
Secure Config
Remove default settings
Access Control
Limit user privileges
Malware Protection
Defend against malware
Patch Management
Keep software updated
Benefits of Cyber Essentials
Why UK organisations choose Cyber Essentials certification
Government Contracts
Mandatory for UK government tender processes involving sensitive data. Essential for public sector suppliers.
Reduced Cyber Risk
Protects against 80% of common cyber attacks including phishing, ransomware, and malware.
Customer Confidence
Demonstrates commitment to protecting client and employee data. Builds trust with stakeholders.
Competitive Advantage
Stand out in tenders and win contracts where cyber security credentials are required.
GDPR Support
Supports GDPR security obligations and demonstrates due diligence for data protection.
Insurance Benefits
Can reduce cyber insurance premiums and demonstrates risk management to insurers.
Certification Process
Simple steps to achieve Cyber Essentials certification
Define Scope
Identify systems, devices, and users to be included in your certification scope.
Complete Assessment
Answer the self-assessment questionnaire about your security controls and configurations.
Verification
An assessor verifies your answers. For Plus, technical testing is conducted.
Certification
Receive your certificate valid for 12 months. Annual renewal required.
Frequently Asked Questions
Is Cyber Essentials mandatory in the UK?
Cyber Essentials is mandatory for UK government tender processes involving sensitive data. Outside public sector procurement, it's not legally required but increasingly expected by customers and partners.
How long does certification take?
Most organisations complete Cyber Essentials within a few weeks. Cyber Essentials Plus may take longer due to technical testing and remediation requirements.
Does Cyber Essentials cover cloud services?
Yes. Cloud platforms such as Microsoft 365, Google Workspace, and AWS must be included where in scope. Cloud security configuration is assessed.
Can small businesses achieve Cyber Essentials?
Yes. The scheme was specifically designed to be achievable for UK SMEs. It provides clear, proportionate requirements without excessive burden.
How often do I need to renew?
Both Cyber Essentials and Cyber Essentials Plus certificates are valid for 12 months. Annual renewal is required to maintain certification.
Ready for Cyber Essentials Certification?
Protect your organisation and win government tenders. Our experts guide you through every step.
How Much Does Cyber Essentials Cost?
The cost of Cyber Essentials certification varies based on several factors. Some consultants and certifiers adopt charging models based on the project's complexity, company size, and sometimes even the company's turnover.
At Certigence, our pricing is straightforward: an agreed day rate multiplied by the number of days' work. The number of days is based on the work to be done, reduced by any work the company has already done or will be doing internally. This ensures clarity and transparency, giving you a clear understanding of the commitment before the project commences.
We provide a free telephone or Zoom consultation with one of our consultants to find out enough about your organisation to be able to make a formal proposal without charge or obligation. This allows you to research costs for free before making any commitments!
How Can Certigence Consultants Help?
Certigence's extensive consultant network spans the entire UK and has been combining ISO systems expertise with industry know-how for over 25 years. This dual proficiency enables our consultants to understand your unique needs and translate them into certifier-accepted procedures that genuinely suit your organisation's operations.
Our services encompass full or partial ISO system development and implementation, including GAP analysis and customised internal training to support system functionality. We craft organisation-specific reports tailored to your activities.
Beyond initial implementation, we conduct internal audits, facilitate management review meetings, and offer ongoing maintenance over the short, medium, or long term. Our presence during certification stages, if desired, ensures assessors avoid unnecessary complexity. Furthermore, we offer pre- and post-certification review services to address certifier-raised concerns, reinforcing your ISO system's effectiveness.
Process Overview
Initiation and Assessment Discussion
We engage in a free, no-obligation discussion to understand your existing systems and operations, allowing us to generate a formal proposal.
Work Commencement and Collaborative Development
Upon acceptance, collaborative work commences to create and install systems, involving you and your team to ensure alignment with your needs, your understanding and acceptance of the results, and compliance with ISO standards.
Initial Assessment (Stage 1): Ensuring Systems Meet Standard
The certifier checks that the systems cover all relevant parameters correctly. You may choose to have our consultant present during the initial assessment to assist with any questions the certifier may have.
Final Evaluation (Stage 2): Achieving Certification
The consultant ensures internal audit, management review, and training aspects are covered. The certifier conducts the conclusive Stage 2 assessment, verifying operational systems' alignment with Standard requirements. Upon successful completion, you attain Certification.
Why Should You Use a Certigence Consultant?
At Certigence, we match your requirements with suitable consultants based on their industry expertise, proximity, and compatibility. In the event of a consultant's unavailability, a substitute can step in promptly, avoiding project disruptions and re-hiring expenses. Our consultants have often previously worked with certifiers, learning that side of the procedure – facilitating a seamless Certification process.
This commitment is reflected in our track record – a 100% first-time certification success rate spanning over 25 years.
Ready to Speak? What Happens Next?
After contacting Certigence, you'll receive an email or a call from the Director or a consultant to discuss your needs, timelines, reasons, and costs. A consultant will engage with you directly to understand your requirements and system alignment. A formal proposal is then presented for your consideration. Charges apply only from that point if you proceed with the proposal.