Cyber Essentials Plus

What is Cyber Essentials Plus?

The UK government reported that around one-third of businesses experienced a cyber security breach in 2019, and for some of these businesses, the cost of the breach was substantial. As a result, cyber security is becoming a crucial consideration for businesses of all sizes. Cyber Essentials Plus certification will give you and your partners confidence that your organisation is protected against a cyber security breach.

Cyber Essentials Plus maintains the simplicity and approach of Cyber Essentials but provides the added assurance of a hands-on technical audit of your system by an experienced cyber security assessor. We will examine the same five basic security controls as the Cyber Essentials certification and test their effectiveness through a comprehensive technical audit.

  • Increased credibility and reputation: customers feel more confident in sharing information with you
  • Raised awareness of threats among staff reduces risk levels
  • Stand out from competitors, retain and win more business
  • Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks
  • Tender for MOD, NHS, and central government contracts
  • Improved business continuity management
  • Reduce your insurance premiums by reducing your vulnerability to cyber threats
  • Drive business efficiencies throughout your organisation, which helps improve productivity

Cyber Essentials Plus is a UK Government standard for technical controls aimed at helping organisations enhance their IT infrastructure security and protect against cyber attacks. This certification necessitates an independent audit of your systems.

The scheme is designed to help organisations prevent common internet-based attacks and implement the appropriate controls to safeguard the confidentiality, integrity, and availability of data stored on all internet-facing devices.

Cyber Essentials certification is a straightforward process to safeguard your business against common cyber threats. You will need to complete a self-assessment questionnaire, which will be reviewed by a British Assessment Bureau assessor. They will independently verify your responses to ensure that you have implemented the recommended five key cyber controls necessary to protect your organisation from the most common cyber attacks.

Cyber Essentials Plus certification builds on the same basic principles as Cyber Essentials but involves a more rigorous examination of your organisation’s cyber security systems. This certification requires a hands-on technical verification by a qualified assessor to confirm your eligibility for Cyber Essentials Plus certification.

Protecting your organisation against the majority of common cyber attacks demonstrates to stakeholders your commitment to keeping their data secure, which can lead to business retention and potentially attract new business.

Implementing a higher level of security for your systems will drive business efficiencies throughout your organisation, improving productivity through streamlined processes and reducing operational costs.

You will also be eligible to bid for UK central government contracts that involve handling personal and sensitive information.

Additionally, by reducing your vulnerability to cyber threats, you can lower your insurance premiums.

Becoming Cyber Essentials Plus certified confirms that you have undergone an independent audit, effectively addressing your cyber security and reducing the risk from internet-based threats. This certification ensures that you have met the standards set by the Cyber Essentials scheme.

Certification provides assurance to stakeholders that you comply with the five key controls, protecting your organisation against cyber threats. This reassurance can aid in winning new business. Additionally, in certain industry sectors, central government contracts require Cyber Essentials certification as a minimum.

This all depends on your organisational needs. If you aim to work within the public sector and bid for central government contracts, they will require Cyber Essentials as a minimum. If you want to demonstrate that your organisation is compliant with cyber security standards, takes data protection seriously, and holds sensitive data, you may also want to achieve Cyber Essentials Plus certification.

The Cyber Essentials question set is part of the Cyber Essentials Plus certification process. Cyber Essentials Plus covers the same checks and scope as Cyber Essentials but involves a technical audit of the systems. This includes a representative set of user devices, all internet gateways, and all servers with services accessible to unauthenticated internet users. If you achieved the basic level Cyber Essentials certification less than 3 months before certifying to Cyber Essentials Plus, and nothing has changed, you will not need to repeat the self-assessment questions stage. The assessor will check that you still meet the five security requirements of Cyber Essentials before proceeding with Cyber Essentials Plus certification.

The Cyber Essentials self-assessment is part of the application for Cyber Essentials Plus and is processed simultaneously. You must meet the minimum requirements of Cyber Essentials before we can process your Cyber Essentials Plus application. This involves completing the Cyber Essentials questionnaire, which will verify your compliance as part of achieving Cyber Essentials Plus.

To apply for Cyber Essentials Plus, you must possess a Cyber Essentials certificate, provide a copy of the submitted Cyber Essentials questionnaire, and confirm that no changes have been made to your controls since the submission.