Our Services

Cyber Essentials

We provide expert cyber security consultancy and guidance to help your business achieve Cyber Essentials certification.

Contact

Cyber Essentials Scheme

Cyber Essentials is a UK government-backed scheme that aims to protect organisations from potential vulnerabilities and the most common cyber attacks.

The Cyber Essentials scheme allows your company to demonstrate its commitment to maintaining and continually improving its security and reducing its cyber security risks from common cyber threats.

Achieving your Cyber Essentials certification can also help to increase your trust and reputation with clients, partners, and suppliers while allowing your company to bid and conduct work on certain UK government contracts.

Our team have over 10 years of expertise focused on security testing practices.

We identify, evaluate and communicate the issues which pose a risk to your business.

We utilise a combination of best practice methodologies alongside years of industry experience

We use tried and tested approaches to identify the issues which present a critical risk to your business.

Our experienced cyber security professionals ensure you stay informed throughout the assessment process.

Through regular communication, scheduled calls, and ongoing support, we ensure you have all the information needed to understand and improve your cyber security posture.

Maintaining Cyber Essentials Certification

Cyber Essentials is an annual certification process requiring a qualified assessor to audit your organisations self-assessment questionnaire and ensure your company continues to adhere to the technical requirements defined by the Cyber Essentials controls.

Our trained consultants are always available to provide advice, guidance and ensure you maintain your Cyber Essentials certified status.

On average, over a hundred new vulnerabilities are disclosed each day, which may affect the security of your systems.

Conducting a Cyber Essentials assessment can uncover the vulnerabilities which impact your business and help to identify solutions to improve your security posture.

Cyber Security has become increasingly prevalent as a client, partner and supplier requirement.

Cyber Essentials Certification can evidence your commitment to cybersecurity, illustrate your proactive approach to security and demonstrate a seriousness to information security best practices, helping to maintain the confidence of existing clients and win new business.

Where a cyber security incident does occur, there are often several associated costs involved, such as the time and resources required for recovery, and any relevant fines and penalties which may be levied against your business for not managing information security effectively.

Conducting a Cyber Essentials assessment can identify the areas of risk within your business and help to produce a cost-effective approach and targeted strategy to address these security weaknesses.

Multiple compliance standards focus on your cyber security posture and how a business manages information security effectively.

Cyber Essentials Certification has become a staple component of compliance requirements, and can be conducted to align with your other standards, and improve your organisation’s overall reputation for the secure management of information security.

Cyber Essentials Requirements

Cyber Essentials certification consists of a range of requirements for your business, its policies, processes, and technical controls.

The Requirements for IT Infrastructure document, published by the National Cyber Security Centre (NCSC) provides a detailed description of controls that should be in place to achieve Cyber Essentials certification.


The Cyber Essentials technical controls consist of the following categories:

The assessment outlines the requirements for protecting your internet gateways.

Which includes managing a secure configuration, defining secure passwords, and ensuring the protection of your internet-facing services.

Cyber Essentials outlines the requirements for managing all of your business devices to a secure standard.

Including securing your user accounts and protecting against unauthorized access.

Cyber Essentials covers the requirements to ensure your devices remain protected from known vulnerabilities and cyber-attacks.

This process is conducted by ensuring regular updates for all of your devices

The assessment outlines a set of basic security controls to protect your user accounts.

By applying Cyber Essentials controls to manage your account permissions, remove default passwords, and configure secure credentials.

The Cyber Essentials scheme ensures protection from the vast majority of cyber-attacks

This requires your IT systems to implement a method to protect from potential malware attacks.

Our Approach

The Cyber Essentials certificate consists of a self-assessment questionnaire that evaluates your company’s policies, processes, and technical security controls.

Each completed questionnaire is reviewed by our cyber advisors to ensure your organisation meets each of the requirements defined within the Cyber Essentials five technical control areas.

Where updates or changes to your current setup are required, our expert advisors work alongside your team to ensure your company adheres to each of the requirements and is ready to achieve cyber essentials accreditation.

Working alongside our cybersecurity consultants with over a decade of industry experience throughout your entire assessment process, from initial enquiry to project summary.

We provide help, support and guidance to ensure each of your security requirements are met.

Receive updates on your security weaknesses throughout the assessment.

Ensuring you stay informed and are never left in the dark about how your penetration test is progressing.

The specific cyber security concerns your organisation has can vary, and it’s important to our team that your individual concerns and risks are always addressed.

Our penetration testing team work with you to produce and deliver a report which meets your requirements and helps achieve your goals.

Security assessments don’t end with the report. Remediation, reassessments, and vulnerability management strategies all present ongoing challenges to address after a penetration test.

Our team ensure ongoing support is always available to help you address your immediate risks and achieve ongoing cyber security.

Popular Questions

If you have any concerns over cyber security and the risks posed by cyber criminals and malicious software, Cyber Essentials can form a secure framework for your company to maintain, providing protection from the most common cyber attacks which are prevalent.

  • The process of refining and implementing a cyber security framework within your organisation can help provide assurance and trust to your clients, partners and suppliers that your business and information security standards have been assessed by a recognised certification body and your business can be considered a trusted partner.
  • Cyber Essentials is a UK Government backed scheme, and companies which hold a valid Cyber Essentials certificate can bid on a range of government contracts which involve handling of sensitive or personal data.

Cyber Essentials evaluates your organisation based around the following security controls:

These five control categories assess how your business manages its policies and technical controls when implementing the Cyber Essentials requirements.

There are multiple questions which are covered within the Cyber Essentials self-assessment questionnaire to cover each of these technical controls, such as:

  • Firewalls
  • Secure Configuration
  • Security Update Management
  • User Access Control
  • Malware Protection
  • How your organisation maintains and manages the services accessible through your Firewall.
  • How your company defines and implements a secure password policy.
  • How often your devices have security updates applied.
  • How your business limits the number of administrator accounts in use.
  • How your business has implemented a Malware protection solution.

Cyber Essentials certification includes the self assessment questionnaire which is reviewed by a qualified assessor and is a prerequisite before progressing towards Cyber Essentials Plus certification.

Cyber Essentials Plus is a technical audit of the systems and solutions defined within your Cyber Essentials self assessment questionnaire, and consists of multiple practical tests of your systems, such as:

  • An External vulnerability scan of your companies internet facing assets.
  • An Authenticated vulnerability scan of the laptops, desktops and servers, defined within the Cyber Essentials Questionnaire.
  • A review of the secure configuration standards in place within your user desktop environments.
  • An assessment of the User Access Controls and authentication measures in place for your accounts.
  • A review of the Malware Protection solution defined within the Cyber Essentials Questionnaire.

The Cyber Essentials scheme has some fixed costs for submitting the self assessment questionnaire to the IASME portal, listed here, ranging from £320-£600 excluding VAT.

  • These prices can change and are designed around a tiered pricing structure based upon the size of an organisation.
  • In addition to the submission costs, Cyber Essentials certification bodies will typically have consultancy costs for their time, advice and guidance working through the certification process.
  • This cost can be variable between companies and can also depend on the size of your organisation, and whether you have already achieved cyber essentials certification before.

The time for certification can be dependent on how long it can take a company to collate all the information needed to fill in the Cyber Essentials self assessment questionnaire.

  • This may only take a few hours or may take a few days, depending on the organisation, their size and complexity.
  • Once the information is submitted, it should only take a few days for an assessor to review the cyber security measures in place for your organisation, and either provide feedback on where to improve or provide a certification.

The aim of working alongside a Cyber Essentials consultant is to avoid this scenario, and to ensure you have all of the necessary cyber security controls in place to achieve certification.

  • Where a questionnaire is submitted which requires a business to implement some changes, feedback and advice will be provided on how to address these issues, and each company receives a two day period to review and implement the recommended changes before resubmitting the questionnaire for further review.
  • If more significant changes are needed that cannot be completed in two days, or the questionnaire is still a fail after resubmission, each of the issues will still need to be addressed and the company will need to reapply and pay an additional assessment charge.

There are multiple options available for your company to prepare for Cyber Essentials in advance of paying any certification or consultancy costs.

  • IASME have developed a short set of questions which can help provide advice on whether you are ready to begin the certification process.
  • The technical requirements for your systems to meet Cyber Essentials basic certification standards are outlined in the Requirements for IT Infrastructure document published by the National Cyber Security Centre (NCSC).
  • The questions for the self assessment questionnaire are available to download as an excel or pdf document from IASME at the following location.
  • A detailed description of the Cyber Essentials Requirements is also outlined in the following article to help your organisation prepare for assessment.

Secure.

Protect.

Assure.

Quality Assurance
Cyber Assurance
Cyber Essentials Plus
Cyber Essentials Assessor