How to certify to Cyber Essentials

A quick overview

Cyber Essentials is an annually renewable certification that demonstrates that your organisation has the most important cyber security controls in place.

In order to ensure that the scheme remains effective in the ever-changing threat landscape, the requirements and assessment questions are reviewed and updated regularly by a team of experts based on their risk assessment. This means that the certification may change slightly from year to year.

How does it work?

The Cyber Essentials assessment consists of a verified self-assessment questionnaire which must be answered on the assessment platform after registering for certification.  A senior member of the board or equivalent from your organisation must e-sign a document to verify that all the answers are true and then a qualified external Assessor will mark the answers. Organisations have 6 months from the date of application to pass the assessment and attain certification.

Take time to prepare

To help you understand your organisation’s cyber security, take a look at the Cyber Essentials Readiness Tool (more details below in ‘Help and Support is at hand’).

It is a good idea to prepare your assessment answers early using a working document or spreadsheet. The current assessment question set is available to download from the link below as either a PDF or an Excel spreadsheet.

Download the Cyber Essentials assessment questions

The current ‘requirements for infrastructure V3.1’ document is also available to download from the NCSC website.

Register and pay

When you are ready, you will need to register for certification and make a payment.

Cyber Essentials online application form

Certification costs £300 + VAT for a micro-organisation (1-9 employees). Small, medium and large organisations will pay a little more, on a sliding scale that aims to reflect the complexity involved in assessing larger organisations.

The application form will allow you to pay via card or your PayPal account using the PayPal platform, or alternatively, to request an invoice be sent to you so you can pay via bank transfer.

Fill in the self-assessment questions on the secure platform

Once your application and payment have been received, you will receive your online assessment portal log-in details so that you can enter your answers into the online assessment platform.

It is possible to cut and paste your answers from the preparation spreadsheet onto the assessment platform, but your completed answers on a spreadsheet will not be accepted for assessment. The questions address the scope of the assessment and the five core controls. These include user access control, secure configuration, security update management, firewalls and routers, and malware protection. You do not have to complete all of your answers at once – you can save them as you go along.  

Please note there is a time limit of 6 months from when you purchase your assessment account to completing the assessment.  Once you have submitted your assessment for marking, your Assessor may send you feedback. You then have 2 working days to address any feedback.  

Once you submit your answers, it will usually take 2 – 3 days to get the result back to you.  If you have a tight deadline for certification, then please let us know and we will do our best to help you meet it.  

Assessment results and certificate

Your Cyber Essentials certificate will be a digital BlockMark certificate

IASME ensures that its certificates and badges are secure, transparent and verifiable by using BlockMark digital certificates.

You will first receive an email informing you of your assessment results. Following that, you will receive a second email with a link to create an account on BlockMark that will allow you to access and download your digital badge and certificate. You will be able to embed your badge in your email and website footer as verifiable proof you hold certification. Your badge should only be used in accordance with the branding guidelines, which you can see when you access your account to download your certificate.

For more information about BlockMark certificates and accounts, please read our user guide.

Cyber Essentials Plus

Cyber Essentials Plus covers the same requirements as Cyber Essentials, but includes a technical audit of your systems.

An organisation can complete their Cyber Essentials Plus audit within 3 months of their last Cyber Essentials certification.

The audit can be carried out on site or remotely and includes vulnerability scans of the organisation’s scoped infrastructure. The auditor will also carry out some checks by observing users carrying out everyday tasks on a set of sampled devices.

As the Cyber Essentials Plus assessment needs time from technical experts, it is more expensive than the basic level Cyber Essentials. The cost will depend on the size and complexity of the network.  IASME has a number of Certification Bodies who are trained and licensed to do the Cyber Essentials Plus audit. A quote for Cyber Essentials Plus can be applied for via the IASME website, and the applicant will be emailed quotes from three different Certification Bodies. Alternatively, the applicant can choose a Certification Body and contact them directly for a quote.

Help and support is at hand

Readiness Tool

If you are not sure if you are ready to certify or would like to gauge how your current cyber security measures up to the standard required for Cyber Essentials, take a look online at the Cyber Essentials Readiness Tool. The process of working through the interactive question set will inform you about your level of understanding and what aspects of your organisation’s cyber security you need to improve or learn about. Based on your answers, you will be directed towards guidance written in plain English and helpful next steps, and at the end of the process, you will be able to download a tailored action plan to help you move towards certification.

Go to the Readiness Tool

Certification Bodies

IASME has a network of trained and licensed cyber security consultants, which we call Certification Bodies or CBs. These experts, located all around the UK and Crown Dependencies, can support your organisation in preparing and certifying against Cyber Essentials.

Cyber Advisors

Cyber Advisor is the National Cyber Security Centre’s new Industry Assurance scheme delivered in partnership with IASME. It provides small and medium-sized organisations with reliable and cost-effective cyber security advice and practical support.

Cyber Advisors (Cyber Essentials) can help organisations assess the gap between their current cyber security stance and that achieved by implementing the Cyber Essentials technical controls. This service is tailored towards small and medium-sized organisations, and the Advisors have all been assessed not just on their technical knowledge, but also on their ability to work specifically with small organisations.

You can find more information and a list of registered Cyber Advisors that are located all around the UK on the IASME Website (find a cyber advisor). Contact them directly for advice. 

Further questions

Read the FAQs on our website 

Contact a member of the IASME team via email: info@iasme.co.uk

Or phone: 03300 882 752

Or via our website: https://iasme.co.uk/contact-us/