What is Cyber Essentials Plus?

Cyber Essentials Plus

Cyber Essentials Plus is a higher level certification than the Cyber Essentials Verified Self-Assessed and includes an audited assessment of the organisations IT systems. All organisations wishing to complete the Cyber Essentials Plus will need a valid Cyber Essentials Verified Self-Assessed which was certified date within 3 months before to complete the Cyber Essentials Plus assessment.

The Cyber Essentials Plus audited assessment of your system based on the scope of the Cyber Essentials . The aim of the assessment is to confirm that all controls that have been declared in Cyber Essentials Verified Self-Assessed are implemented on the organisations network. By undertaking and completing Cyber Essentials Plus, you can declare publicly, that your organisation has been proven to meet baseline security standards set out by Cyber Essentials.

An assessor will pick a sample of computers at your organisation and perform an audit to ensure that the devices are compliant with the Cyber Essentials scheme.

An internal vulnerability scan will beconducted on the sample computers and servers to confirm patching and basic configuration meet the minimum requirements.

An external vulnerability scan will interegate all ports of your internet facing IP addresses to ensure that no clear and obvious misconfigurations or vulnerabilities can be discovered.

All sample computers will carried out on your email and internet browsers to confirm they are to prevent execution of fake malicious files and virus'.

All mobile devices within the sample will be chacked to confirm they are running the latest compliant software build and they are not in developer mode enabling them to download unsigned applications.






The 5 technical control themes of Cyber Essentials

  • Cyber Essentials Scheme Firewalls


    You should protect your Internet connection with a firewall. Many organisations will have a dedicated boundary firewall which protects their whole network.

  • Cyber Essentials Scheme User Access Control

    User Access Control

    Standard accounts should be used for general work. By ensuring that your staff don’t browse the web or check emails from an account with administrative privileges you cut down on the chance that an admin account will be compromised.

  • Cyber Essentials Scheme Malware protection

    Malware protection

    Malware is short for ‘malicious software’ also know as Anti-Virus must be installed on all endpoints that support this software

  • Cyber Essentials Scheme Secure Configuration

    Secure Configuration

    Your accounts should always be password-protected. For ‘important’ accounts, such as banking and IT administration, you should use two-factor authentication, also known as 2FA.

  • Cyber Essentials Scheme Patch management

    Patch management

    No matter which phones, tablets, laptops or computers your organisation is using, it’s important that the manufacturer still supports the device with regular security updates and that you install those updates as soon as they are released.

Cyber Essentials Scheme Why should you get Cyber Essentials?

Why should you get Cyber Essentials?

  • Protect against approximately 80% of cyber attacks
  • Reassure customers that you are working to secure your IT against cyber attack
  • Demonstrates to your customers and supply chain that you have considered you security posture
  • You have a clear picture of your organisation's cyber security posture
  • Some Government contracts require Cyber Essentials certification

Cyber Essentials Plus Costs

Organisation SizeCost Ex. VAT
Micro (1-9 Employees)£1800
Small (10-49 Employees)£2400
Medium (50-249 Employees)£2800
Large (250 > Employees)Quote on request

Managed Cyber Essentials Plus

Managed Cyber Essentials Plus:

  • Continuous Vulnerability Assessments.
  • Year round consultation.
  • Regular news letters. Keep up to date with any changes to the assessment and compliance.


This site uses cookies. By continuing your visit, you accept their use as set out in our Cookie Policy. OK