How to recertify to Cyber Essentials
Cyber Essentials is an annually renewable certification valid for 12 months from the date the Assessor finishes marking your assessment and runs the certificate report. If you originally applied for a pool assessment through IASME, you will receive a reminder 30 days and 7 days prior to the expiry of your certification, and another one 7 days after expiry. If you originally certified through a Certification Body (CB), IASME will remind your CB about their customers' expiries, but we don't contact you directly. Your renewal reminder will include the exact date that your current certificate was issued.
Please note that the scheme requirements and question sets are reviewed and updated regularly by a team of experts. This is to keep the scheme effective in the ever-changing threat landscape. With this in mind, there are likely to be differences from when you previously completed your assessment, and these could include changes or additional technical requirements.
It is a good idea to prepare your assessment answers early using a working document or spreadsheet. The current assessment question set is available to download from the link below as either a PDF or an Excel spreadsheet.
Download the Cyber Essentials assessment questions
The current ‘requirements for infrastructure V3.1’ document is also available to download from the NCSC website.
When you are ready, you will need to register for certification and make a payment.
Cyber Essentials online application form
Certification still costs £300 + VAT for a micro-organisation (1-9 employees). Small, medium and large organisations will pay a little more, on a sliding scale that aims to reflect the complexity involved in assessing larger organisations.
The application form will allow you to pay via card or your PayPal account using the PayPal platform, or alternatively, to request an invoice be sent to you so you can pay via bank transfer.
Fill in the self-assessment questions on the secure platform
Once your application and payment have been received, you will receive your online assessment portal log-in details so that you can enter your answers into the online assessment platform.
It is possible to cut and paste your answers from the preparation spreadsheet onto the assessment platform, but your completed answers on a spreadsheet will not be accepted for assessment. The questions address the scope of the assessment and the five core controls. These include user access control, secure configuration, security update management, firewalls and routers, and malware protection. You do not have to complete all of your answers at once – you can save them as you go along.
Please note there is a time limit of 6 months from when you purchase your assessment account to completing the assessment. Once you have submitted your assessment for marking, your Assessor may send you feedback. You then have 2 working days to address any feedback.
Once you submit your answers, it will usually take 2 – 3 days to get the result back to you. If you have a tight deadline for certification, then please let us know and we will do our best to help you meet it.
Renewing your BlockMark certificate
IASME ensures that its certificates and badges are secure, transparent and verifiable by using BlockMark digital certificates.
After you have received your email informing you of your assessment results, you will receive a second email with a link that will allow you to access and download your digital badge and certificate.
The current IASME certification renewal process involves issuing a new certification number. This means that a renewal is effectively treated as a new certification. You will not need to set up a new account on BlockMark Registry, as the new/renewed certificate should connect to your previous account if the same organisation type and number has been used. However, as embed codes are linked to individual certificates, when your current badge expires and disappears, renewing your certificate will not make it come back automatically. You will need to get the embed code from your new certificate and embed it in your email footer or website as a replacement.
In the future, we hope to change the renewal process to allow embedded badges to renew automatically.
For more information about BlockMark certificates and accounts, please read our user guide.
Cyber Essentials Plus
Cyber Essentials Plus covers the same requirements as Cyber Essentials, but includes a technical audit of your systems.
An organisation can complete their Cyber Essentials Plus audit within 3 months of their last Cyber Essentials certification.
The audit can be carried out on site or remotely and includes vulnerability scans of the organisation’s scoped infrastructure. The auditor will also carry out some checks by observing users carrying out everyday tasks on a set of sampled devices.
As the Cyber Essentials Plus assessment needs time from technical experts, it is more expensive than the basic level Cyber Essentials. The cost will depend on the size and complexity of the network. IASME has a number of Certification Bodies who are trained and licensed to do the Cyber Essentials Plus audit. A quote for Cyber Essentials Plus can be applied for via the IASME website, and the applicant will be emailed quotes from three different Certification Bodies. Alternatively, the applicant can choose a Certification Body and contact them directly for a quote.
Help and support is at hand
Certification Bodies
IASME has a network of trained and licensed Certification Bodies. These cyber security consultants are located all around the UK and Crown Dependencies and can support your organisation in preparing and recertifying against Cyber Essentials.
Cyber Advisors
Cyber Advisor is the National Cyber Security Centre’s new Industry Assurance scheme delivered in partnership with IASME. It provides small and medium sized organisations with reliable and cost effective cyber security advice and practical support.
Cyber Advisors (Cyber Essentials) can help organisations implement the Cyber Essentials technical controls. This service is tailored towards small and medium sized organisations and the Advisors have all been assessed not just on their technical knowledge, but also their ability to work specifically with small organisations.
You can find more information and a list of registered Cyber Advisors that are located all around the UK on the IASME Website (find a cyber advisor). Contact them directly for advice.
Further questions
Read the FAQs on our website
Contact a member of the IASME team via email: info@iasme.co.uk
Or phone: 03300 882 752
Or via our website: Contact Us - IASME - Home.