Cyber Essentials PLUS

Cyber Essentials PLUS

CE+ Audit Details

Cyber Essentials PLUS involves completing the online assessment followed by a technical audit of the systems that are in-scope for Cyber Essentials. This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users. The assessor will test a suitable random sample of these systems (typically around 10 per cent) and then make a decision whether further testing is required.

You will need to complete your Cyber Essentials PLUS audit within 3 months of your last Cyber Essentials basic certification. Alternatively, you can complete the online assessment as part of the Cyber Essentials PLUS certification.

The assessor will need to visit your head office and a representative sample of your other offices in order to carry out the tests. The quantity of other offices visited depends on the complexity of your organisation - in a multinational organisation the assessor may need to visit a number of countries. Some tests may be carried out remotely provided that the agreed on-site visits have been carried out.

You can see the common test specification used by all Accreditation Bodies here.

Cost of CE+

The cost of a Cyber Essentials PLUS assessment will depend on the size and complexity of your network. You can submit an enquiry here to be emailed with a quote for a Cyber Essentials PLUS assessment from two different Certification Bodies.  

Alternatively you can see all the Certification Bodies listed here with their contact details if you would like to contact them directly for a quote.  In addition to assessing you at the Cyber Essentials PLUS level, the Certification Bodies can also act as consultants to help you achieve the certification.