Cyber Essentials logo

Cyber Advisor (Cyber Essentials) Scheme

The new NCSC scheme to help organisations of all sizes access consistent, high quality cyber security advice.
On this page please find the following sections:

Reputable expert support for organisations of all sizes

IASME is partnering with the NCSC to deliver the Cyber Advisor scheme. It provides small and medium sized organisations with reliable and cost effective cyber security advice and practical support.

In the past, organisations seeking help from an NCSC approved cyber security expert tended to be very large and complex or be from the defence, security or banking industries or part of the critical national infrastructure. If your requirements are complex, or you operate in a nationally critical sector, see the NCSC Assured Cyber Security Consultancy scheme pages.

Today, expedited by the pandemic, the widespread adoption of digital technology for products and services has made basic cyber security essential to every business that connects to the internet. Accessibility to this protection contributes to the national security of the UK. Consequently, the NCSC aims to extend its reach to offer a trusted source of cyber security advice to a wider range of organisations.

Despite a growing emphasis on cyber security, many organisations often find it hard to choose the right help to meet current guidance. The Cyber Advisor scheme aims to ensure the understanding and application of trusted cyber security advice.

How it works

Cyber Advisors will initially focus on helping organisations to implement the five Cyber Essentials Technical Controls. This service will be known as Cyber Advisor (Cyber Essentials). The name includes Cyber Essentials in order to differentiate them from any future assured Cyber Advisors assisting small organisations in other areas of cyber security.

The Cyber Essentials standard has been adopted because the NCSC recognises this as a good baseline standard that defends against a range of commonly experienced cyber attacks, including ransomware attacks.

Cyber Advisors (Cyber Essentials) can help organisations assess the gap between their current cyber security stance, and that achieved by implementing the Cyber Essentials technical controls. This service is tailored towards small and medium sized organisations and the Advisors have all been assessed not just on their technical knowledge, but also their ability to work specifically with small organisations.

With the specific needs of an individual business in mind, Cyber Advisors can provide hands-on support to help the organisation take recommended actions.

An organisation will be helped to meet the Cyber Essentials technical controls, however, they do not necessarily need to be aiming for Cyber Essentials certification. The advice offered by Cyber Advisors will help prepare an organisation should they wish to certify, in which case, they will need to apply through a Cyber Essentials Certification Body.

Cyber Advisors can help organisations by:

  • Conducting Cyber Essentials gap analysis to assess the organisations internet-facing IT, identifying where it fails to meet the Cyber Essentials controls
  • Developing reports on the status of the organisation’s Cyber Essentials controls i.e. detailing the requirements that are met and those that are not; describing why controls are not met and the risks the organisation is exposed to; recommended actions to take
  • Working with the business to agree remediation activities
  • Planning remediation activities that align to the risk and business priorities
  • Implementing remediation activities – or guide technical teams to do so – sympathetically to operational activities
  • Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks

Find a Cyber Advisor

Any organisation can find a qualified and approved Cyber Advisor working within companies assured by the NCSC. This makes it simple for organisations that are starting out on their cyber security journey to benefit from expert skills and advice offered by qualified individuals.

How to select a Cyber Advisor

When choosing a provider, you may wish to consider whether they have the relevant experience in the sector you operate in, or in the technology that you use.

There is no recommended price for assured Cyber Advisors to charge. Each job will vary dependent upon the size of your organisation and the complexity of your IT.

All Cyber Advisors have passed an independent assessment which measured their:

  • knowledge and understanding of the Cyber Essentials’ technical controls
  • competence in providing practical, hands-on support
  • ability to understand and work with small and medium sized organisations

All Cyber Advisors must work for a company which has met the NCSC’s standards and been accepted as an Assured Service Provider. Customers are assured that the advice they receive can be trusted.

Displaying results for: Cyber Advisor Scheme

Company NameLocation
Albany Technology Ltd

22 King Street, Hereford, Herefordshire, HR4 9BX

Node IT Solutions

Suite 3 Baystrait House, Station Road, Biggleswade, Bedfordshire, SG18 8AL

Salus Cyber

Eagle Tower, Montpellier Drive, Cheltenham, Gloucestershire, GL50 1TA

Predatech Ltd

St James Tower, 7 Charlotte Street, Manchester, Greater Manchester, M1 4DZ

Pentest People Ltd

Round Foundry Media Centre, Foundry Street, Holbeck, Leeds, West Yorkshire, LS11 5QP

TRaC Defence Ltd

Worcestershire

Fortis Cyber Security Ltd

Milton Keynes Office, Buckinghamshire

iTeam Solutions Ltd

Mead Lane, Saltford, Bristol, BS31 3ER

Shonsys Limited

Gyleview House, 3 Redheughs Rigg, Edinburgh, Midlothian, EH12 9DQ

Red Circles

Denby House Business Centre, Taylor Lane, Loscoe, Derbyshire, DE75 7AB

Evolve North Ltd

Gatherley House, Richmond, Richmond, North Yorkshire, DL10 6QH

NETbuilder Ltd

7 Beecham Court, Pemberton Business Park, Wigan, Greater Manchester, WN3 6PR

Southern IT Networks

Pacific House, Sovereign Harbour Innovation Park, Eastbourne, East Sussex, BN23 6FA

CyberCrowd

Oxford Square, Second Floor, St Anthony’s House, Newbury, Berkshire, RG14 1JQ

Blunt Security Limited

6 Trinity Place, Midland Drive, Sutton Coldfield, West Midlands, B72 1TX

Consider IT

Waterview House, 37 Shore, Edinburgh, Midlothian, EH6 6QU

Achilles Systems Ltd

167-169 Great Portland Street 5th Floor, London, London, W1W 5PF

nTrust Systems Limited

26 Holmethorpe Avenue, Redhill, Surrey, RH1 2NL

Concept IT

F8 Tanfield Lea Business Centre, Tanfield Lea Industrial Estate North Tanfield Lea, Stanley, County Durham, DH9 9DB

BZB IT Ltd

4 Kelso Place, Upper Bristol Road, Kelston, Bath, BA1 3AU

How to become a Cyber Advisor

The Cyber Advisor scheme provides small and medium sized organisations with reliable and cost effective cyber security advice and practical support.

The scheme allows the NCSC to recommend independently assured organisations to consumers, so they can have confidence in buying cyber security advice. For those providers already doing this type of work, the Cyber Advisor scheme aims to recognise your competence.

To become a Cyber Advisor (Cyber Essentials), you will need to pass the Advisor exam (Certificate of Competence in Cyber Essentials Implementation) and provide IASME with that evidence. You will then be required to sit an online induction training course. The course will take you through the essential elements of the scheme and be followed by a simple test of understanding.

You can find more information on the Advisor exam on the Cyber Scheme webpage.

Please note, all Cyber Advisors (Cyber Essentials) must be based in the UK or Crown Dependencies.

Once an individual has successfully passed the Cyber Advisor (Cyber Essentials) exam, the company they work for can become an NCSC Assured Service Provider.

Requirements to become an Assured Service Provider

All Advisors need to be part of an Assured Service Provider organisation to be able to carry out Advisor services.

All Assured Service Providers have to show they meet both security and quality requirements.

They can do this by holding one of these security certifications.

  • UKAS-accredited ISO 27001 certification
  • Audited IASME Cyber Assurance (Level 2) certification

They also need to hold one of these quality requirements:

  • UKAS-accredited ISO 9001 certification
  • IASME Quality Principles alongside an IASME Cyber Assurance (Level 2) certification
  • QG Quality Fundamentals+ certification

An NCSC Assured Service Provider must also:

  • Provide independently verified evidence that they have achieved and maintain Cyber Essentials
  • Sign and return the associated contract
  • Employ at least one individual who has passed the Cyber Advisor assessment
  • Pay an annual subscription fee

If your company is interested in becoming an NCSC Assured Service Provider, please contact us at [email protected].  Your professionalism, expertise and attitude is more important to us than size and we are happy to licence to companies of all sizes.

Frequently Asked Questions

Why are we launching the Cyber Advisor scheme?

The NCSC aims to extend its reach to offer a trusted source of cyber security advice to a wider range of organisations.
Despite a growing emphasis on cyber security, many organisations often find it hard to choose the right help to meet current guidance – they don’t know who to trust, or fear they will over-pay or be sold more than they need. The Cyber Advisor scheme aims to ensure the understanding and application of trusted cyber security advice at a proportionate price.

Why does the Cyber Advisor service centre around the 5 Cyber Essentials controls ?

Ultimately, the Cyber Advisor scheme may expand beyond Cyber Essentials. However, the Cyber Essentials standard has been adopted because the NCSC recognises this as good baseline standard that defends against a range of commodity attacks – with confidence that it will improve the security for those that properly implement it. 

Does implementing Cyber Advisor advice lead to Cyber Essentials certification?

Organisations looking for advice do not need to be aiming for Cyber Essentials certification. The advice offered by Cyber Advisors will prepare you for certification. However, Cyber Advisors cannot issue Cyber Essentials certification (unless they are also a Cyber Essentials Certification Body assessor), so organisations will still need to apply for Cyber Essentials certification separately.

What is the difference between a Cyber Essentials Certification Body and a Cyber Advisor Assured Service Provider?

A Cyber Essentials Certification Body can assess if an organisation meets the criteria required for Cyber Essentials certification and issue that certification – something a Cyber Advisor cannot do unless their organisation is also a Cyber Essentials Certification Body.

How do I get help from a Cyber Advisor?

A list of Cyber Advisors is available (Find a Cyber Advisor); organisations looking for Cyber Advice will be able to approach these organisations directly.

What are the requirements to become a Cyber Advisor Assured Service Provider?

One of the key requirements of becoming a Cyber Advisor Assured Service Provider is the employment of at least one individual who has passed the Cyber Advisor assessment. An organisation applying to be assured to provide Cyber Advisor services will also be expected to:

  • Have independently verified evidence that they have achieved and maintain Cyber Essentials certification
  • Have good cyber security and can keep client data secure
  • Be committed to achieving an excellent and consistent client experience by using a quality management system.

An annual subscription fee will also be charged.
Full details of the requirements to be an Assured Service Provider can be seen here. 

What are the benefits of being a Cyber Advisor? Why become one?

The Cyber Advisor scheme allows the NCSC to recommend independently assured organisations that can help their customers implement a baseline level of cyber security. By creating a trusted ecosystem, consumers will know better who to engage and what to expect. Furthermore, for those already doing this work, the Cyber Advisor scheme aims to recognise their competence. 

How much will Cyber Advisors charge?

There is no recommended fixed cost for assured Cyber Advisor firms to charge clients. Each job is likely to vary considerably according to the client’s existing security posture and size and complexity of their IT estate. 

What is the cost for firms to become a Cyber Advisor?

Annual fee of £600 per organisation, and £250 per advisor. There will also be a one-off onboarding charge of £250.

What is the cost to take the Cyber Advisor assessment?

The cost to take the Cyber Advisor assessment can be found on the Cyber Scheme webpage. The assessment will remain valid for three years. After three years a resit will be required.

Where can I get more information?

For more information, please contact IASME at [email protected]

Find Out More

Have a look at our Frequently Asked Questions or speak to our team