Frequently Asked Questions

Why should my organisation become Cyber Essentials Certified?

Organizations should consider becoming Cyber Essentials certified for several key reasons:

1. Protect Sensitive Information: Organizations handle sensitive data, including personal information of customers, employees, and partners. Cyber Essentials certification ensures that basic security measures are in place to protect this data from cyber threats.

2. Build Trust: Certification demonstrates to clients, partners, and stakeholders that the organization prioritizes cyber security. This fosters trust and confidence in the organization’s ability to safeguard their information.

3. Prevent Cyber Attacks: Cyber attacks can disrupt operations, causing financial losses and reputational damage. Cyber Essentials helps organizations implement essential security controls to prevent common cyber threats.

4. Compliance and Regulations: Adhering to cyber security standards and regulations is increasingly important. Cyber Essentials certification helps ensure that an organization meets necessary legal and regulatory requirements.

5. Financial Protection: Many Cyber Essentials certifications include cyber liability insurance, offering financial protection against potential cyber incidents. This can be crucial for an organization’s sustainability in case of a breach.

6. Operational Continuity: Implementing cyber security measures helps ensure the smooth operation of the organization’s activities, minimizing the risk of disruption due to cyber incidents.

7. Customer Assurance: Customers want assurance that their data is secure and used responsibly. Cyber Essentials certification reassures customers that the organization is committed to protecting their personal information.

8. Improved Cyber Awareness: The certification process raises awareness within the organization about cyber security best practices, encouraging a culture of vigilance and continuous improvement.

By becoming Cyber Essentials certified, organizations can better protect their assets, enhance their reputation, and ensure the continuity of their important work.

How much will it cost for the Review & Submit Plan?

Pricing is dependent on the size of your organisation. The pricing is structured as below;

Micro (0-9 Employees) - £570 + VAT

Small (10-49 Employees) - £700 + VAT

Medium (50-249 Employees) - £820 + VAT

Large (250+ Employees) - POA

You can see more information on our Pricing & Plans page here.

How much will it cost for the Fully Managed Plan?

Pricing is dependent on the size of your organisation. The pricing is structured as below;

Micro (0-9 Employees) - £1,220 + VAT

Small (10-49 Employees) - £1,360 + VAT

Medium (50-249 Employees) - £1,570 + VAT

Large (250+ Employees) - POA

You can see more information on our Pricing & Plans page here.

What's the difference between the Review & Submit plan and the Fully Managed plan?

Our Review & Submit plan is ideal for organisations already familiar with Cyber Essentials, either renewing a previous certification or confident they have the necessary controls in place. We offer assistance in reviewing your application for compliance with the latest standards and provide advice on any changes needed to meet the requirements. Once we confirm everything is in order, your application will be submitted and assessed by our experts.

Our Fully Managed plan is perfect for organisations new to Cyber Essentials that may not yet have established security controls. We provide comprehensive guidance throughout the entire certification process, managing all the details for you.
Whichever plan you choose, our dedicated team will ensure your organization passes on the first attempt.

What is included in the scope of Cyber Essentials? Do I need to factor in devices used at home?

Any device used for work or that has access to any form of company data should be included in the scope of Cyber Essentials.

For more detailed information on the scope and how to prepare your business, please get in touch. We can provide you with a comprehensive government-issued document.

What changes happened to Cyber Essentials in 2022?

he changes to Cyber Essentials - enforced by the National Cyber Security Centre - were published on 24th January 2022.

The changes made were quite significant and brought more focus on Home workers and Password requirements. You can read about the changes in more detail here. On January 24th, 2022, the National Cyber Security Centre published significant updates to Cyber Essentials.

These changes place greater emphasis on home workers and password requirements.

Do you have any tools to help me prepare for certification?

As part of our certification preparation process, we use the IASME Cyber Essentials Readiness Tool with our clients.

What are the benefits of Cyber Essentials?

The key benefits include the peace of mind that comes from knowing your organisation's systems and information are secure from cyber attacks. Additionally, Cyber Essentials certification can enhance your ability to secure partnerships and contracts, as it is increasingly demanded in many sectors.

How long does Certification take?

The duration varies for each business, but generally, we can complete a 'Review & Submit' certification within 24 hours and a 'Fully Managed' certification within a week, assuming you can implement the necessary controls within that timeframe.

The timeline depends on your specific business circumstances, as the certification process and required questions are tailored to your operations. We will need to understand your business operations and ask pertinent questions to facilitate your certification.

Do you provide Cyber Essentials Plus?

Absolutely. We can guide your organisation through Cyber Essentials Plus as well. Simply contact us for a tailored quote.

How long will my certification last?

Each certification is valid for 12 months and must be renewed annually.

If I have ISO-27001, do I need Cyber Essentials?

The Cyber Essentials Scheme was developed for SMEs that may opt against or do not require the more stringent controls mandated by ISO-27001. It provides a government-backed, practical alternative.

After one year, do I need to go through the Certification again?

Yes, indeed. Because of the certification's requirements, it's crucial to maintain adherence to the security practices outlined during your initial assessment, making an annual review mandatory to keep your certified status.

With the foundational work already established, your next assessment will be smoother.

Do I need an onsite audit for Cyber Essentials?

An onsite audit is not mandatory for Cyber Essentials certification, but it is required for Cyber Essentials Plus certification.

The primary distinction between the two certifications is that Cyber Essentials Plus involves a physical verification of the security measures declared in your certification.

Do I need the standard Cyber Essentials certification in order to become CE Plus certified?

Certainly, you must complete the self-assessed (basic) certification before progressing to Cyber Essentials Plus.

What's the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials involves a self-assessment process, while Cyber Essentials Plus adds an audited component. It verifies that all stated security measures from the self-assessment are implemented, including a mandatory network vulnerability scan.

What happens if we fail our Certification?

If unsuccessful, you will receive guidance on the areas of failure. You'll have 48 hours to address any deficiencies and resubmit for a re-assessment at no additional cost.

Is everyone eligible for the £25k Cyber Liability Insurance?

The free cyber insurance is applicable to businesses or charities with annual turnovers of up to £20 million.

How do I get the £25k Cyber Liability Insurance?

As part of the assessment questionnaire, you will provide the necessary details for the insurance, which is automatically issued upon successful certification.