Cyber Essentials and Cyber Essentials Plus

By working with us you can achieve Cyber Essentials scheme status with a minimum of fuss and bother. We walk you through the process, to help make sure that you meet the requirements, and then some, without leaning on you to buy things from us that you don’t need.

Our understanding

Reducing cyber risk has always been our goal for our clients, so the UK Government’s commitment to formalising this for a wider audience is a welcome initiative.

By certifying your business in this way you can demonstrably show a very specific level of care to your clients and suppliers, as well as transparency to your insurers, your industry, and regulatory bodies.

Government suppliers

Currently any supplier who wants to bid for certain Central Government contracts has to be Cyber Essentials certified, you can find the details here.

What are Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a UK government backed certification that assists your business in safeguarding against typical online threats while demonstrating to customers and partners your commitment to security. 

Cyber Essentials Plus builds on this foundation by incorporating an independent audit to ensure that those protections are genuinely effective. Obtaining either certification helps you protect your data while enhancing client trust and fulfilling essential contract obligations.

How can I get a Cyber Essentials certification?

Whether you’re seeking your first Cyber Essentials (CE) certification or renewing it, we can guide you through the entire process. As an official certification body qualified by IASME, our consultants can provide:

Consultancy and review for your business, where we help identify gaps in your cybersecurity posture and suggest improvements.

CE and CE Plus assessments so we can conduct your formal certification. 

Ongoing support at all stages, whether with scoping and preparation to full audits, we tailor packages to suit your needs and ensure you are prepared for formal assessment.

How does it work?

The approach will vary depending on the service selected and the level of assistance needed. Scoping exercises shall be completed to first determine your requirements. 

We walk you through your self-assessment questionnaire ahead of submission to identify potential failure points or major non-compliances to make sure you reach compliance.

Additional support days are offered where your  organisation requires further assistance, or organisations are large and complex. . This is recommended for organisations where CE+ is mandatory. For companies that are small or have carried out CE and CE+ assessments with us previously, these engagements can be shorter and focused on the minor but precise changes to the certification which occur most years. 

If significant issues and non-compliances are identified, we may suggest additional services to help the client implement improvements. This may include vCISO engagements, build reviews, firewall reviews, cloud or infrastructure assistance etc.

We can conduct the formal assessment so you can get certified, then this may be moderated by IASME, the NCSC, or both.

We recommend an annual review to stay up to date with ISAME’s question set and maintain compliance. 

Don’t leave CE and CE+ submission to the last minute. Work with us to make this as stress free as possible and reduce the worry about audits.  We can help with regular reviews and updates, ongoing support and advice and guidance on areas where the CE questions may need more explanation or technical clarification.