Cyber Essentials Plus

  • Builds on Cyber Essentials with hands-on testing

  • A pre-requisite for many UK GOV contracts

  • Reduce the risk of cyber incidents, financial and reputational impact

What is Cyber Essentials Plus?

Cyber Essentials Plus is a UK government-backed certification scheme designed to help organisations protect themselves against the most common cyber attacks. Building upon the self assessment seen with Cyber Essentials Basic, CE+ looks to inspect, verify and validate your submission with the help of a qualified assessor. Think of Cyber Essentials as your answers to a questionnaire, and Cyber Essentials Plus as the questionnaire being queried and marked.

The 5 Key Controls

To get certified, an organisation must prove it has security controls across five technical areas. With Cyber Essentials Plus, these controls will be visually inspected by an IASME qualified assessor. These controls consist of:

  1. Firewalls: Creating a "buffer zone" between your internal network and the internet to block unauthorised access.

  2. Secure Configuration: Ensuring devices and software are set up securely (e.g., changing default passwords and removing unnecessary apps).

  3. User Access Control: Limiting access to data and services so that employees only have the permissions they need for their specific roles.

  4. Malware Protection: Using up-to-date antivirus software and "sandboxing" to stop malicious code from running.

  5. Security Update Management: Keeping all software and operating systems patched and up-to-date (typically within 14 days of a patch being released).

Icons representing cybersecurity, data protection, and technology security, including a bug, a shield with a lock, a gear with a dollar sign, fire on bricks, and a laptop with a gear symbol.

Why do I need it?

  • Government Contracts: It is mandatory for any business bidding for central government contracts that involve handling personal or sensitive data.

  • Customer Trust: It proves to your clients and partners that you take data security seriously.

  • Insurance Incentives: Many UK insurance companies offer lower premiums or even free basic cyber insurance to organisations that hold a valid certificate.

  • Supply Chain Safety: It helps ensure that your suppliers aren't a "weak link" that could lead to a breach of your own systems.

Speech bubble with the word "WHY" and a question mark in a circle above it.

How we can help

We provide Cyber Essentials certification services to help organisations establish strong, practical protection against common cyber threats. To deliver more advanced assurance, we have partnered with Red Citadel, enabling us to offer Cyber Essentials Plus alongside comprehensive penetration testing services.

This partnership ensures that our clients benefit from both foundational security certification and in-depth, real-world testing of their systems. By combining our expertise with Red Citadel’s specialist capabilities, we can support businesses in strengthening their cybersecurity posture, meeting compliance requirements, and building trust with customers and stakeholders. You can find more about Red Citadel here.

Want to enquire?
Drop us a message below