The benefits of Cyber Essentials certification
Prove to customers that cyber security is a priority in your organisation
Stay ahead of new cyber security risks by assessing your systems against a recognised framework each year
Apply for the growing number of contracts that address supply chain security with Cyber Essentials certification
IASME – the NCSC’s Official Cyber Essentials Delivery Partner.
The National Cyber Security Centre (NCSC) is the UK’s technical authority for cyber security. Its mission is to make the UK the safest place to live and work online.
IASME works with a network of more than 300 cyber security organisations across the UK and Crown Dependencies to advise and certify organisations of all sizes.
What is Cyber Essentials?
Cyber Essentials represents the UK Government’s minimum baseline standard for cyber security for organisations of all sizes in the UK. The annually renewable certification scheme is aligned to five technical controls designed to prevent the most common internet-based cyber security threats.
Cyber Essentials certification demonstrates that an organisation is protecting itself by implementing the most important cyber security controls. A team of experts reviews the scheme at regular intervals to ensure it stays effective in the ever-evolving threat landscape.
Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation that certifies its whole organisation and has less than £20m annual turnover. At the first level of Cyber Essentials, organisations assess themselves against five basic security controls and a qualified Assessor verifies the information provided.
All the self-assessment questions are available to download for free in advance. Once you have passed Cyber Essentials you can apply for Cyber Essentials Plus, which is a hands-on audit of your systems. Read on for more info.
Cyber Essentials is available in two levels:
Level One
Cyber Essentials is an independently verified self-assessment
Cyber Essentials works in the format of a self-assessment questionnaire. Organisations answer a series of questions that address the scope of the assessment, their employees, devices, and work location.
They will also answer questions that address the five core controls, which include user access control, secure configuration, security update management, firewalls and routers, and malware protection.
The answers must be signed off by a board member or equivalent, and are then marked by an independent Assessor.
Cyber Essentials is priced according to the size of your organisation
0-9 Employees: $420 / £320 + VAT / €380
10-49 Employees: $570 / £440 + VAT / €520
50-249 Employees: $650 / £500 + VAT / €590
250+ Employees: $780 / £600 + VAT / €710
Level Two
Cyber Essentials Plus is a technical audit of your IT systems
The verified self-assessment questionnaire of Cyber Essentials is a prerequisite to Cyber Essentials Plus.
Although based on the same technical requirements, Cyber Essentials Plus includes a technical audit of your IT systems to verify that the controls are in place. In this way, it gives more assurance that you are complying with the scheme.
The audit covers a representative set of user devices, all internet gateways, and all servers with services accessible to the internet.
Cyber Essentials Plus is priced according to the size and complexity of your network
Don’t know where to start?
The Cyber Essentials Readiness Tool
IASME has developed a Readiness Tool to help you on your way to certifying. The Readiness Tool is a series of questions that have been developed to lead you through the main parts of the Cyber Essentials requirements. If there are areas where you need to put more controls in place, you will get a link to guidance about how to make those changes. At the end of this process, you will get a list of actions outlining what steps you need to take to prepare for Cyber Essentials.
The Readiness Tool is the step that comes before taking the Cyber Essentials self-assessment. It will start you on your journey towards becoming Cyber Essentials certified.
Need help from an expert?
Some of the Cyber Essentials self-assessment questions can be difficult to understand if you do not have a technical IT background or if your company has a complex structure.
Cyber Advisors work for a National Cyber Security Centre Assured Service Provider to provide small and medium-sized organisations with reliable and cost-effective cyber security advice and practical support. Advisors can apply their technical knowledge and provide hands-on support with the specific needs of an individual business in mind, to help them take recommended actions.
Cyber Essentials Assessors work for a Certification Body. They are trained and licensed by IASME to assess whether an organisation meets the criteria required for Cyber Essentials certification, and can issue that certification. They will also be able to help you understand the assessment questions and how they relate to your company.
I’m ready to certify for Cyber Essentials
When you are ready, you will need to register for certification and make a payment. Once your application and payment have been received, you will receive your log-in details for the online assessment platform so that you can enter your answers. A senior member of the board or equivalent from your organisation must e-sign a document to verify that all the answers are true, and then a qualified external Assessor will mark the answers.
Once you have submitted your assessment for marking, your Assessor may send you feedback. You then have 2 working days to address any feedback and resubmit. Once you pass, you will receive your certificate and be listed on our directory of certified organisations.
You will need to renew your certificate annually as it expires after twelve months. We remove companies from our certified organisation list if they are not re-certified within twelve months of their last certificate.
Cyber Essentials Knowledge Hub
The Knowledge Hub is a central source of trusted, up-to-date information about the Cyber Essentials scheme. Search or browse to find reliable information and support to help answer your questions and guide you through the Cyber Essentials certification process.
You will find information about tech and cyber basics, scoping your assessment, the five controls, software support periods, sector specific guidance, and scheme updates.