Service

Cyber Essentials & Cyber Essentials Plus

Secure your organisation with assessor-led implementation and certification support for Cyber Essentials and Cyber Essentials Plus.

Secure your organisation with Cyber Essentials and Cyber Essentials Plus support delivered by certified assessors who also specialise in implementation. Achieving certification can improve credibility, provide reassurance, unlock cost and compliance benefits and help satisfy contract requirements where Cyber Essentials is a prerequisite.

We offer expert advice, implementation guidance and certification support for both Cyber Essentials and Cyber Essentials Plus. For large or complex organisations, additional steps may be required beyond the standard service-delivery overview.

Get in touch

Overview

Certification support from readiness and implementation through to technical audit

Our lead assessors work directly with stakeholders to scope the right path, close gaps and guide organisations through certification with clear, practical support.

Certification pathways

We support both baseline Cyber Essentials certification and the technical audit requirements of Cyber Essentials Plus.

Cyber Essentials

We deliver Cyber Essentials implementation and certification directly with the client, completing the Verified Self-Assessment Questionnaire on the client behalf before final approval and issue.

  • Implementation
  • VSAQ
  • Certification

Cyber Essentials Plus

Lead assessors conduct the Cyber Essentials Plus audit against the scope of the client Cyber Essentials certification, highlighting failing points and supporting remediation and retest.

  • Technical audit
  • Retest
  • Pass criteria

Certification journey

A clear progression helps organisations move from scope and gap analysis to certification and technical assurance.

Scope and information gathering

Initial consultancy and planning calls establish scope, identify required information and surface any gaps against the standard.

Gap analysis and support

We produce a gap analysis and, where required, support remediation activity to help clients become compliant.

Cyber Essentials submission

Once gaps are closed, a draft Cyber Essentials VSAQ is produced for approval and certification is issued directly to the client.

Cyber Essentials Plus audit and retest

For CE+, the scope is technically verified, devices are sampled, technical tests are completed and retesting focuses on failing points until a pass is achieved.

Cyber Essentials service-delivery overview

Cyber Essentials implementation is delivered through direct engagement with the client organisation.

  • An initial consultancy call establishes scope, identifies information to be collected and highlights any gaps between the current approach and the Cyber Essentials standard.
  • Further detailed information is gathered with relevant stakeholders.
  • A gap analysis highlights the changes needed to become compliant.
  • Support can be provided to close gaps, with additional consultancy fees where scale requires it.
  • Once gaps are closed, a draft Cyber Essentials VSAQ is produced for client approval.
  • Upon approval, the Cyber Essentials certificate is issued directly to the client.

Cyber Essentials Plus service-delivery overview

Cyber Essentials Plus is a technical audit delivered against the scope of the Cyber Essentials certification.

  • An initial planning call establishes scope, audit requirements, pass expectations and common failing points.
  • The audit scope is technically verified in line with the Cyber Essentials Plus Test Specification.
  • A sample of devices is selected from the client asset register and confirmed no more than 3 working days before audit.
  • The audit typically covers remote vulnerability assessment, internal vulnerability assessment, malware protection, multi-factor authentication configuration and account separation.
  • If required, a gap report highlights failing points and recommended remediation.
  • Failing points must be addressed and retested within 30 days, with retesting focused only on those issues.
  • Once all technical tests pass, the Cyber Essentials Plus certificate is issued directly to the client.

Important certification conditions

There are a number of practical conditions organisations need to understand before progressing to certification.

Cyber Essentials certification is required before Cyber Essentials Plus can be completed.
Cyber Essentials Plus must be completed within 90 days of the Cyber Essentials issue date.
Large or complex organisations may require additional activity beyond the standard overview.
The CE+ audit scope is technically verified and a sample of devices is selected from the asset register.
Failing points must be remediated and retested within the allowed 30 day window.

Need help achieving Cyber Essentials or Cyber Essentials Plus?

We can assess your current posture and build a clear path to certification and technical audit readiness.

Start certification planning