The benefits of Cyber Essentials certification

Prove to customers that cyber security is a priority in your organisation

Stay ahead of new cyber security risks by assessing your systems against a recognised framework each year

Apply for the growing number of contracts that address supply chain security with Cyber Essentials certification

NCSC Cyber Essentials
NCSC Delivery Partner logo

IASME – the NCSC’s Official Cyber Essentials Delivery Partner.

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cyber security. Its mission is to make the UK the safest place to live and work online.

IASME works with a network of more than 300 cyber security organisations across the UK and Crown Dependencies to advise and certify organisations of all sizes.

What is Cyber Essentials?

Cyber Essentials represents the UK Government’s minimum baseline standard for cyber security for organisations of all sizes in the UK. The annually renewable certification scheme is aligned to five technical controls designed to prevent the most common internet-based cyber security threats.

Cyber Essentials certification demonstrates that an organisation is protecting itself by implementing the most important cyber security controls.  A team of experts review the scheme at regular intervals to ensure it stays effective in the ever-evolving threat landscape.

Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation who certifies their whole organisation and has less than £20m annual turnover. At the first level of Cyber Essentials, organisations assess themselves against five basic security controls and a qualified Assessor verifies the information provided.

All the self-assessment questions are available to download for free in advance. Once you have passed Cyber Essentials you can apply for Cyber Essentials Plus, which is a hands-on audit of your systems. Read on for more info.

Cyber Essentials is available in two levels:

Level One

NCSC Cyber Essentials

Cyber Essentials is an independently verified self-assessment

Cyber Essentials is priced according to the size of your organisation

Cyber Essentials works in the format of a self-assessment questionnaire. Organisations answer a series of questions that address the scope of the assessment, their employees, devices, and work location.

They will also answer questions that address the five core controls, which include user access control, secure configuration, security update management, firewalls and routers, and malware protection.

The answers must be signed-off by a board member or equivalent and the answers are then marked by an independent Assessor

0-9 Employees

$420£320 + VAT€380

50-249 Employees

$650£500 + VAT€590

10-49 Employees

$570£440 + VAT€520

250+ Employees

$780£600 + VAT€710

Cyber Essentials is available in two levels:

Level One

NCSC Cyber Essentials

Cyber Essentials is an independently verified self-assessment

Cyber Essentials works in the format of a self-assessment questionnaire. Organisations answer a series of questions that address the scope of the assessment, their employees, devices, and work location.

They will also answer questions that address the five core controls, which include user access control, secure configuration, security update management, firewalls and routers, and malware protection.

The answers must be signed-off by a Board member or equivalent and the answers are then marked by an independent Assessor

Cyber Essentials is priced according to the size of your organisation

0-9 Employees

$420£320 + VAT€380

10-49 Employees

$570£440 + VAT€520

50-249 Employees

$650£500 + VAT€590

250+ Employees

$780£600 + VAT€710

Level Two

NCSC Cyber Essentials Plus

Cyber Essentials Plus is a technical audit of your IT systems

Cyber Essentials Plus is priced according to the size and complexity of your network

The verified self-assessment questionnaire of Cyber Essentials is a prerequisite to Cyber Essentials Plus.

Although based on the same technical requirements, Cyber Essentials Plus includes a technical audit of your IT systems to verify that the controls are in place. In this way, it gives more assurance that you are complying with the scheme.

The audit covers a representative set of user devices, all internet gateways, and all servers with services accessible to unauthenticated internet users.

Level Two

NCSC Cyber Essentials Plus

Cyber Essentials Plus is a technical audit of your systems

The verified self-assessment questionnaire of Cyber Essentials is a prerequisite to Cyber Essentials Plus.

Although based on the same technical requirements, Cyber Essentials Plus includes a technical audit of your IT systems to verify that the controls are in place. In this way, it gives more assurance that you are complying with the scheme.

The audit covers a representative set of user devices, all internet gateways, and all servers with services accessible to unauthenticated internet users.

Cyber Essentials Plus is priced according to the size and complexity of your network

Don’t know where to start?

The Cyber Essentials Readiness Tool

IASME has developed a Readiness Tool to help you on your way to certifying. The Readiness Tool is a series of questions that have been developed to lead you through the main parts of the Cyber Essentials requirements. If there are areas where you need to put more controls in place, you will get a link to guidance about how to make those changes. At the end of this process, you will get a list of actions outlining what steps you need to take to prepare for Cyber Essentials.

The Readiness Tool is the step that comes before taking the Cyber Essentials self-assessment. It will start you on your journey towards becoming Cyber Essentials certified.

Need help from an expert?

Some of the Cyber Essentials self-assessment questions can be difficult to understand if you do not have a technical IT background or have a complex company structure.

Cyber Advisors work for a National Cyber Security Centre Assured Service Provider to provide small and medium sized organisations with reliable and cost effective cyber security advice and practical support. Advisors can apply their technical knowledge and provide hands-on support with the specific needs of an individual business in mind, to help them take recommended actions.

Cyber Essentials Assessors work for a Certification Body. They are trained and licensed by IASME to assess whether an organisation meets the criteria required for Cyber Essentials certification, and can issue that certification. They will also be able to help you understand the assessment questions and how they relate to your company.

I’m ready to certify for Cyber Essentials

When you are ready, you will need to register for certification and make a payment. Once your application and payment have been received, you will receive your online assessment portal log-in details so that you can enter your answers into the on-line assessment platform. A senior member of the board or equivalent from your organisation must e-sign a document to verify that all the answers are true and then a qualified external Assessor will mark the answers.

Once you have submitted your assessment for marking, your Assessor may send you feedback. You then have 2 working days to address any feedback and resubmit. Once you pass, you will receive your certificate and be listed on our directory of certified organisations.

You will need to renew your certificate annually as it expires after twelve months. We remove companies from our certified organisation list if they are not re-certified within twelve months of their last certificate.

Cyber Essentials Knowledge Hub

The Knowledge Hub is a central source of trusted, up-to-date information about the Cyber Essentials scheme. Search or browse to find reliable information and support to help answer your questions and guide you through the Cyber Essentials certification process.

You will find information about tech and cyber basics, scoping your assessment, the five controls, software support periods, sector specific guidance, and scheme updates.

Assessment Portal

Certificate Search

Become an Assessor

Insurance

Blog

Funded Programme

Chamber Cyber Essentials

Guidance for Charities

BSI Logo UK Cyber Security Council We are a Living Wage Employer National Cyber Awards 2022 Winner Armed Forces Covenant Cyber First Support