Cyber Essentials certification is not just a recommendation; it’s a vital commitment to cyber security, especially for those handling sensitive data or seeking UK government contracts.
Our experienced NCSC-accredited consultants help you meet the standard and beyond to ensure your business stays ahead of emerging threats.
Effortlessly maintain compliance with CSIQ while you focus on growth.
Safeguarding your business against cyber-attacks is crucial in today’s digital age. Fortunately, the UK government has introduced the Cyber Essentials scheme to help protect you from the most prevalent online threats.
Cyber Essentials reduces your risk by addressing low-skill, high-impact vulnerabilities and demonstrates your commitment to data protection with an industry-recognised standard.
We are proud to be Cyber Essentials Certification Body, and we offer customised and guided solutions to ensure that you quickly meet the certification requirements. Our team will support you throughout the process to give you peace of mind and confidence in your cybersecurity measures.
Cyber Essentials covers the following:
Our Cyber Essentials plans offer a flexible solution to achieving certification, regardless of where you are on your company’s journey towards cyber security maturity.
Our managed plans ensure compliance with industry standards and ease the burden of maintaining them. We understand that managing cybersecurity can be overwhelming, so we offer constructive feedback from our experienced cybersecurity consultants.
Rest easy knowing that your customer’s information is in good hands with our Cyber Essentials plans. Choose the right plan for your business and take a proactive approach to cyber security.
Cyber Essentials Plus demonstrates to customers that you are proactive in protecting your data and business from common cyber threats.
Our Cyber Essentials Plus Plans include the same strategies covered within our standard Cyber Essentials plan but with a hands-on technical validation that verifies your protection against cybercrime.
Our managed solution lays the foundations for compliance frameworks such as IASME Cyber Assurance, ISO 9001, 27001, 22301, and GDPR.
The Cyber Essentials Plus Audit and Guided pricing is based on the average number of consulting hours required to assess all controls. Please use our rapid quoting tool to receive a bespoke price.
The Managed Cyber Essentials Plus package combines Cyber Essentials Self-Assessed, and Cyber Essentials Plus requirements.
The latest statistics from the U.K Governments Cyber Security Breaches Survey
It demonstrates a commitment to Cyber Security
Cyber Liability Insurance – Cover for up to £25,000 for applicable companies
Increase your chances of winning new business
By adopting the standards, you are protected from the majority of common cyber threats
It shows to customers and partners you’re committed to protecting their data
To bid on government contracts organisations must be certified against the Cyber Essentials standard
It helps avoid disruption to business and reputational damage
Cyber Essentials Plus helps organisations meet the minimum standard for Cyber Security. Check out our Cyber Consultancy and Managed services if you need greater visibility and control over your cyber risks.
Internet-facing, external vulnerability scans are conducted using multiple industry-leading vulnerability management solutions that are PCI compliant and approved for use by the Cyber Essentials scheme.
Outsource vulnerability management to a specialist cyber security team with one of our Managed Attack Surface packages.
Internal network vulnerability scans are completed using a PCI-compliant industry-leading vulnerability management solution approved for use by the Cyber Essentials scheme.
Check out our advanced penetration testing services if you need proof your company is protected.
Your company website will only be in scope for Cyber Essentials if you manage the platform. A website vulnerability scan can find vulnerabilities that could lead to defacement and reputational damage.
Check out our Web Application Penetration services to feel confident your website is secure.
All consultancy and managed services include access to our Risk Management Portal.
All risk types, including technical, human, residual and inherent, are allocated a score, allowing for a strategic approach to risk reduction.
Monthly reports from our managed services detailing individual risk scores, a summary of events, detailed vulnerabilities, and security recommendations are all available from the platform.
Multiple vulnerabilities are typically exploited to reach a target. Our platform visualises the attack path taken by your consultant to achieve the objective.
Track your exposure over time to ensure that your IT teams are tackling the vulnerabilities identified.
If you have our pre-pay contract, simply send us a message through the platform to assist with the remediation.
To find out more about the other compliance and governance service that we offer, visit our IASME Cyber Assurance.
Or get in touch to find out more about all our services.
We are proud of our industry recognised certifications in Cyber Security and Service Delivery
See the pricing table or request a quote or give us a call to get a rapid price.
Cyber Essentials is not a mandatory requirement for all businesses. However, it is commonly a supplier requirement, especially when tendering for government work or larger organisations.
This depends on the size of your network and how many devices make up the sample set that the assessor will need to test.
Generally, we can complete all testing within one business day and will prepare a schedule with you in advance to minimise disruption.
A typical turnaround time for certification is two weeks from order.
Cyber Essentials is not the same as ISO 27001, but it is a natural stepping stone if you are starting out on your compliance journey. The management system included in our managed Cyber Essential Managed packages makes the transition to ISO 27001 simpler and quicker.
Although Cyber Essentials certification is not a legal requirement, some of your customers and partners may require it as part of their supplier due diligence checks to reassure them that you take their security and privacy seriously.
You can confirm who has a Cyber Essentials certificate by checking out the National Cyber Security Centres certificate search here.
We are able to conduct the entire audit remotely without needing to visit the site.
Our vulnerability management software also does not require us to send a server to the site, reducing the administrative overhead and costs considerably.
Cyber Essentials Plus provides a more advanced level of assurance and includes a technical audit of the systems in scope for Cyber Essentials. Organisations applying for Cyber Essentials Plus must also pass an on-site/remote assessment and an internal/external vulnerability scan.
Do not worry; it is not common for an organisation to pass Cyber Essentials Plus without any remediation.
If you fail the assessment, the assessor will prepare a report outlining the reasons and the remediation work required to achieve a pass. There is a 30-day retesting window where the organisation can carry out the remediation steps listed. CSIQ can then retest just those areas which failed within the 30-day window. If those vulnerabilities have been remediated, then CSIQ will be able to award a pass for Cyber Essentials Plus.
We will email you a reminder in advance of your expiry date outlining the steps to work through your renewal.
The Cyber Essentials logo was updated in 2023. Once your company achieves certification, you will receive your blockmark certificate and logos for use on your website and marketing material.
Cyber Essentials Logo
Once you have been certified you will receive a blockmark digital certificate.
There are two types of Cyber Essentials certification, Self Assessed and Plus. The applicant organisation completes the self-assessment, which an approved Certification Body then marks.
The Cyber Essentials standard is based on the five controls
Future editions will also emphasise multi-factor authentication and protecting cloud accounts.
Cyber Essentials self-assessed requires the applicant company to complete a questionnaire on implementing the five controls within their organisation, which an assessor then marks. The company is awarded a Cyber Essentials certificate if the applicant demonstrates that they apply the five controls’ principles.
The cyber essentials scheme was first launched on the 5th of June, 2014.
We think so. While not all-encompassing, It is an excellent foundation to build your company’s security practices. In today’s connected world, internet access has become necessary for companies to function. Still, access to the internet puts your company at risk for misconfigurations, poor cyber hygiene, and malicious actors looking to profit from your company’s vulnerabilities.
You will only need Cyber Essentials if you are required to have a valid certificate to meet supplier requirements. We, of course, believe that every company should aim to achieve the Cyber Essentials standard as it represents a robust foundation to build cyber resilience.
The requirements to receive £250,000 of cyber liability insurance are as follows:
What’s Covered?
What’s Excluded?
Only certification bodies trained and licensed by IASME can certify an organisation against the NCSC’s Cyber Essentials scheme. CSIQ assessors are IASME qualified, and CSIQ is authorised to deliver Cyber Essentials and Cyber Essentials Plus certifications.
Cyber Essentials Plus is a verification assessment of the controls listed in the Cyber Essentials self-assessment questionnaire.
All organisations must achieve Cyber Essentials Self-Assessed; Companies then have a 3-month window to schedule their Cyber Essentials Plus assessment.
The Cyber Essentials Plus logo was updated in 2023, once your organisation achieves certification, you will receive your blockmark certificate and logos for use on your website and marketing material.
Cyber Essentials Plus Logo
Send us an enquiry to get a rapid response from a cybersecurity expert.
Email Us
Call Us
"*" indicates required fields
