Cyber Essentials logo

Cyber Advisor (Cyber Essentials) Scheme

The new NCSC scheme to help organisations of all sizes access consistent, high quality cyber security advice.
On this page please find the following sections:

Reputable expert support for organisations of all sizes

IASME is partnering with the NCSC to deliver the Cyber Advisor scheme. It provides small and medium sized organisations with reliable and cost effective cyber security advice and practical support.

In the past, organisations seeking help from an NCSC approved cyber security expert tended to be very large and complex or be from the defence, security or banking industries or part of the critical national infrastructure. If your requirements are complex, or you operate in a nationally critical sector, see the NCSC Assured Cyber Security Consultancy scheme pages.

Today, expedited by the pandemic, the widespread adoption of digital technology for products and services has made basic cyber security essential to every business that connects to the internet. Accessibility to this protection contributes to the national security of the UK. Consequently, the NCSC aims to extend its reach to offer a trusted source of cyber security advice to a wider range of organisations.

Despite a growing emphasis on cyber security, many organisations often find it hard to choose the right help to meet current guidance. The Cyber Advisor scheme aims to ensure the understanding and application of trusted cyber security advice.

How it works

Cyber Advisors will initially focus on helping organisations to implement the five Cyber Essentials Technical Controls. This service will be known as Cyber Advisor (Cyber Essentials). The name includes Cyber Essentials in order to differentiate them from any future assured Cyber Advisors assisting small organisations in other areas of cyber security.

The Cyber Essentials standard has been adopted because the NCSC recognises this as a good baseline standard that defends against a range of commonly experienced cyber attacks, including ransomware attacks.

Cyber Advisors (Cyber Essentials) can help organisations assess the gap between their current cyber security stance, and that achieved by implementing the Cyber Essentials technical controls. This service is tailored towards small and medium sized organisations and the Advisors have all been assessed not just on their technical knowledge, but also their ability to work specifically with small organisations.

With the specific needs of an individual business in mind, Cyber Advisors can provide hands-on support to help the organisation take recommended actions.

An organisation will be helped to meet the Cyber Essentials technical controls, however, they do not necessarily need to be aiming for Cyber Essentials certification. The advice offered by Cyber Advisors will help prepare an organisation should they wish to certify, in which case, they will need to apply through a Cyber Essentials Certification Body.

Cyber Advisors can help organisations by:

  • Conducting Cyber Essentials gap analysis to assess the organisations internet-facing IT, identifying where it fails to meet the Cyber Essentials controls
  • Developing reports on the status of the organisation’s Cyber Essentials controls i.e. detailing the requirements that are met and those that are not; describing why controls are not met and the risks the organisation is exposed to; recommended actions to take
  • Working with the business to agree remediation activities
  • Planning remediation activities that align to the risk and business priorities
  • Implementing remediation activities – or guide technical teams to do so – sympathetically to operational activities
  • Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks

Find a Cyber Advisor

Any organisation can find a qualified and approved Cyber Advisor working within companies assured by the NCSC. This makes it simple for organisations that are starting out on their cyber security journey to benefit from expert skills and advice offered by qualified individuals.

How to select a Cyber Advisor

When choosing a provider, you may wish to consider whether they have the relevant experience in the sector you operate in, or in the technology that you use.

There is no recommended price for assured Cyber Advisors to charge. Each job will vary dependent upon the size of your organisation and the complexity of your IT.

All Cyber Advisors have passed an independent assessment which measured their:

  • knowledge and understanding of the Cyber Essentials’ technical controls
  • competence in providing practical, hands-on support
  • ability to understand and work with small and medium sized organisations

All Cyber Advisors must work for a company which has met the NCSC’s standards and been accepted as an Assured Service Provider. Customers are assured that the advice they receive can be trusted.

Displaying results for: Cyber Advisor Scheme

Company NameLocation
BZB IT Ltd

4 Kelso Place, Upper Bristol Road, Kelston, Bath, BA1 3AU

Consider IT

Waterview House, 37 Shore, Edinburgh, Midlothian, EH6 6QU

KIT365 Ltd

KIT365 Ltd, 1st Floor, Gateway House, 4 Penman Way, Leicester, LE19 1SY

Aggress Ltd (CyberAggress)

Marathon House, Olympic Business Park, Drybridge Road, Dundonald, Ayrshire, KA2 9AE

Astrix Cybersecurity

Office G7 Venture House, Navigation park, Abercynon, Mid Glamorgan, CF45 4SN

in2secure

1 Hillside, Hartwell, Northamptonshire, NN7 2HJ

Oxford Systems

Bicester

Resolution IT Limited

Homefield, Rue De L'Epinel, Forest, Guernsey, GY7 9QN

Aindale Business Management Services

31-33 Chapel Hill, Huddersfield, West Yorkshire, HD1 3ED

Aspire Technology Solutions

Pipewell Quay, Pipewellgate, Gateshead, NE8 2BJ

Data Connect Group Limited

Spa Bottom Farm, Haggs Road, Follifoot, Harrogate, North Yorkshire, HG3 1EQ

Optimising IT

Twigworth Court Business Centre, Gloucester, Gloucestershire, GL2 9PG

Assure Technical Ltd

Malvern Hills Science Park, Geraldine Road, Malvern, Worcestershire, WR14 3SZ

Start Technology

9 Sweetlake Business Village, Longden Road, Shrewsbury, Shropshire, SY3 9EW

Principle Defence

107 Eddington Crescent, Welwyn Garden City, AL7 4SX

MJD Systems

3-4 The Steadings, Spey Bay, Moray, IV32 7PJ

Predatech Ltd

St James Tower, 7 Charlotte Street, Manchester, Greater Manchester, M1 4DZ

Meta Defence Labs

Essex, Exeter and London

Ascentor Ltd

Quedgeley, Gloucester, GL2 2AQ

Digital Armour Ltd

Fairfield Enterprise Centre Lincoln Way, Fairfield Industrial Estate, Louth, Lincolnshire, LN11 0LS

How to become a Cyber Advisor

The Cyber Advisor scheme provides small and medium sized organisations with reliable and cost effective cyber security advice and practical support.

The scheme allows the NCSC to recommend independently assured organisations to consumers, so they can have confidence in buying cyber security advice. For those providers already doing this type of work, the Cyber Advisor scheme aims to recognise your competence.

To become a Cyber Advisor (Cyber Essentials), you will need to pass the Advisor exam (Certificate of Competence in Cyber Essentials Implementation) and provide IASME with that evidence. You will then be required to sit an online induction training course. The course will take you through the essential elements of the scheme and be followed by a simple test of understanding.

You can find more information on the Advisor exam on the Cyber Scheme webpage.

Please note, all Cyber Advisors (Cyber Essentials) must be based in the UK or Crown Dependencies.

Once an individual has successfully passed the Cyber Advisor (Cyber Essentials) exam, the company they work for can become an NCSC Assured Service Provider.

Requirements to become an Assured Service Provider

All Advisors need to be part of an Assured Service Provider organisation to be able to carry out Advisor services.

All Assured Service Providers have to show they meet both security and quality requirements.

They can do this by holding one of these security certifications.

  • UKAS-accredited ISO 27001 certification
  • Audited IASME Cyber Assurance (Level 2) certification

They also need to hold one of these quality requirements:

  • UKAS-accredited ISO 9001 certification
  • IASME Quality Principles alongside an IASME Cyber Assurance (Level 2) certification
  • QG Quality Fundamentals+ certification

An NCSC Assured Service Provider must also:

  • Provide independently verified evidence that they have achieved and maintain Cyber Essentials
  • Sign and return the associated contract
  • Employ at least one individual who has passed the Cyber Advisor assessment
  • Pay an annual subscription fee

If your company is interested in becoming an NCSC Assured Service Provider, please contact us at [email protected].  Your professionalism, expertise and attitude is more important to us than size and we are happy to licence to companies of all sizes.

Frequently Asked Questions

Why are we launching the Cyber Advisor scheme?

The NCSC aims to extend its reach to offer a trusted source of cyber security advice to a wider range of organisations.
Despite a growing emphasis on cyber security, many organisations often find it hard to choose the right help to meet current guidance – they don’t know who to trust, or fear they will over-pay or be sold more than they need. The Cyber Advisor scheme aims to ensure the understanding and application of trusted cyber security advice at a proportionate price.

Why does the Cyber Advisor service centre around the 5 Cyber Essentials controls ?

Ultimately, the Cyber Advisor scheme may expand beyond Cyber Essentials. However, the Cyber Essentials standard has been adopted because the NCSC recognises this as good baseline standard that defends against a range of commodity attacks – with confidence that it will improve the security for those that properly implement it. 

Does implementing Cyber Advisor advice lead to Cyber Essentials certification?

Organisations looking for advice do not need to be aiming for Cyber Essentials certification. The advice offered by Cyber Advisors will prepare you for certification. However, Cyber Advisors cannot issue Cyber Essentials certification (unless they are also a Cyber Essentials Certification Body assessor), so organisations will still need to apply for Cyber Essentials certification separately.

What is the difference between a Cyber Essentials Certification Body and a Cyber Advisor Assured Service Provider?

A Cyber Essentials Certification Body can assess if an organisation meets the criteria required for Cyber Essentials certification and issue that certification – something a Cyber Advisor cannot do unless their organisation is also a Cyber Essentials Certification Body.

How do I get help from a Cyber Advisor?

A list of Cyber Advisors is available (Find a Cyber Advisor); organisations looking for Cyber Advice will be able to approach these organisations directly.

What are the requirements to become a Cyber Advisor Assured Service Provider?

One of the key requirements of becoming a Cyber Advisor Assured Service Provider is the employment of at least one individual who has passed the Cyber Advisor assessment. An organisation applying to be assured to provide Cyber Advisor services will also be expected to:

  • Have independently verified evidence that they have achieved and maintain Cyber Essentials certification
  • Have good cyber security and can keep client data secure
  • Be committed to achieving an excellent and consistent client experience by using a quality management system.

An annual subscription fee will also be charged.
Full details of the requirements to be an Assured Service Provider can be seen here. 

What are the benefits of being a Cyber Advisor? Why become one?

The Cyber Advisor scheme allows the NCSC to recommend independently assured organisations that can help their customers implement a baseline level of cyber security. By creating a trusted ecosystem, consumers will know better who to engage and what to expect. Furthermore, for those already doing this work, the Cyber Advisor scheme aims to recognise their competence. 

How much will Cyber Advisors charge?

There is no recommended fixed cost for assured Cyber Advisor firms to charge clients. Each job is likely to vary considerably according to the client’s existing security posture and size and complexity of their IT estate. 

What is the cost for firms to become a Cyber Advisor?

Annual fee of £600 per organisation, and £250 per advisor. There will also be a one-off onboarding charge of £250.

What is the cost to take the Cyber Advisor assessment?

The cost to take the Cyber Advisor assessment can be found on the Cyber Scheme webpage. The assessment will remain valid for three years. After three years a resit will be required.

Where can I get more information?

For more information, please contact IASME at [email protected]

Find Out More

Have a look at our Frequently Asked Questions or speak to our team