Government-Backed Certification

Achieve Cyber Essentials certification with confidence.

Cyber Essentials and Cyber Essentials Plus are UK government-backed certifications that protect your organisation against the most common cyber threats. We guide you through every step, from gap assessment to certification, and conduct the hands-on technical verification required for Cyber Essentials Plus.

Get in Touch View Our Methodology

What we offer

Readiness & certification.

Gap Assessment & Readiness

Before submission, we review your existing controls against the Cyber Essentials requirements and provide a clear remediation plan to ensure you pass first time.

Cyber Essentials

A self-assessment questionnaire verified by an independent assessor. Covers five core technical controls that protect against the majority of common internet-based attacks.

Cyber Essentials Plus

Includes everything in Cyber Essentials, plus independent hands-on technical testing by our CREST-certified consultants to verify the controls are correctly implemented and effective.

Cyber Essentials controls

What Cyber Essentials covers.

Firewalls

Boundary firewalls and internet gateways are correctly configured to prevent unauthorised access from the internet.

Secure Configuration

Computers and network devices are configured securely, with unnecessary software and services removed or disabled.

User Access Control

User accounts are managed and privileged access is controlled. Users only have the access they need to do their job.

Malware Protection

Protection against viruses and malware is in place across all devices, with policies governing the use of removable media and application execution.

Security Update Management

Operating systems, software, and firmware are kept up to date, with patches applied within 14 days of release for internet-facing systems.

Plus: Technical Verification

For Cyber Essentials Plus, our consultants independently verify all five controls through authenticated vulnerability scanning and hands-on testing.

How we work

Our certification process.

Step 01

Gap Assessment

We review your current controls against the Cyber Essentials requirements and identify any gaps that need addressing before submission.

Step 02

Remediation Support

Where gaps exist, we provide practical, prioritised guidance so your team can implement the required controls efficiently and correctly.

Step 03

Self-Assessment (CE)

We guide you through the Cyber Essentials questionnaire to ensure your answers accurately reflect your controls and maximise the chance of first-time certification.

Step 04

Technical Testing (CE+)

Our CREST-certified consultants conduct authenticated scanning and hands-on verification of all five controls, then submit findings for certification.

What you receive

Your deliverables.

Gap Assessment Report

A clear, actionable report identifying which Cyber Essentials controls you currently meet and what needs to change before submission.

Certification Badge

Upon successful assessment, your Cyber Essentials or Cyber Essentials Plus certificate and badge for use in proposals, bids, and marketing materials.

Technical Test Report (CE+)

Full findings from the hands-on technical verification, including any residual risks and recommendations for ongoing improvement.

Annual Renewal Support

Cyber Essentials certification must be renewed annually. We offer streamlined renewal support to keep your certification current with minimal disruption.

FAQ

Frequently asked questions.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessment questionnaire where you declare that your organisation meets the five technical controls. Cyber Essentials Plus includes all of that plus hands-on technical testing by an accredited assessor, who verifies that the controls are actually working as described. Plus provides a higher level of assurance and is often required for government contracts handling sensitive data.

How long does it take to get certified?

If your organisation already meets the five technical controls, certification can be achieved in a matter of weeks. If remediation is needed, the timeline depends on the gaps identified during the initial assessment. We provide a clear gap assessment report so you know exactly what needs to change, and support you through the remediation process before submitting for certification.

Do we need Cyber Essentials to bid for government contracts?

Yes. Since 2014, Cyber Essentials certification has been mandatory for any organisation bidding for UK government contracts that involve handling sensitive or personal information. Many private sector organisations also now require their suppliers to hold Cyber Essentials certification as part of their supply chain security requirements.

How often does the certification need to be renewed?

Cyber Essentials certification is valid for 12 months and must be renewed annually. We offer streamlined renewal support to keep the process straightforward, and the renewal assessment also serves as a useful annual check on your security posture to ensure nothing has drifted since the last certification.