← Back to services

Cyber Essentials & Plus

Government-backed certification that demonstrates your commitment to cybersecurity. Essential for public sector contracts and increasingly expected across supply chains.

Get certified
Government-Backed Certification Scheme
Recognized across UK public and private sectors

Two levels of certification

Choose the level that meets your contractual and assurance requirements.

Cyber Essentials

Self-assessment based certification that demonstrates your commitment to fundamental security controls.

Requirements

  • Complete self-assessment questionnaire
  • Implement five key security controls
  • External vulnerability scan
  • Independent verification
  • Annual renewal required

Good for

Public sector contracts Supply chain requirements Insurance requirements Foundation security posture

Cyber Essentials Plus

Includes hands-on technical verification with on-site or remote testing of your systems and controls.

Requirements

  • Complete full Cyber Essentials
  • Technical vulnerability assessment
  • Configuration review
  • Hands-on testing by assessor
  • Evidence of control implementation

Good for

Higher-value contracts Greater assurance needs Defense supply chain Enhanced cyber insurance terms

The five controls

Cyber Essentials requires implementation of five fundamental security controls.

1

Firewalls

Properly configured firewalls protecting your network perimeter and controlling traffic flow.

2

Secure Configuration

Systems configured securely with unnecessary features disabled and defaults changed.

3

User Access Control

Appropriate access controls with user accounts having only necessary permissions.

4

Malware Protection

Up-to-date anti-malware software protecting all devices from malicious software.

5

Security Update Management

Regular patching of operating systems and software to address known vulnerabilities.

Our process

We guide you through every step to ensure first-time success.

01

Gap Assessment

We review your current security controls against Cyber Essentials requirements and identify gaps.

02

Remediation Guidance

Receive specific, actionable guidance on implementing required controls cost-effectively.

03

Self-Assessment Support

We help you complete the questionnaire accurately, ensuring you understand each requirement.

04

Certification & Beyond

Guide you through the assessment process and help maintain certification annually.

Common questions

Which level do I need?

Cyber Essentials is sufficient for most public sector contracts and demonstrates baseline security. Choose Cyber Essentials Plus if contracts specifically require it, if you handle highly sensitive data, or if you want stronger assurance for clients and insurers.

How long does certification take?

If your controls are already in place, certification can take 2-4 weeks. If you need to implement controls first, allow 6-12 weeks depending on your starting point and organizational complexity.

What if I fail the assessment?

The process is designed to help you succeed. We identify gaps before you submit for assessment. If issues are found during certification, we help you remediate them and resubmit. Most organizations pass on first attempt with proper preparation.

Do I need to renew annually?

Yes, Cyber Essentials certification is valid for 12 months. We help clients maintain their certification year after year, making renewals straightforward as your controls mature.

Ready to get certified?

Schedule a consultation to discuss your Cyber Essentials requirements and timeline.

Get in touch