Protect your organisation from common cyberattacks with the government-backed Cyber Essentials initiative. This programme allows you to swiftly demonstrate your commitment to security, boost customer trust, and safeguard sensitive data while preparing for the cyber essentials plus requirements set by the IASME Cyber Essentials scheme.
Ready to secure your business and reputation?
Cyber Essentials is tailored for any organisation, irrespective of size, industry, or technical expertise, aiming to enhance its security posture and showcase a commitment to safeguarding sensitive data. Understanding the cyber essentials plus requirements can help organisations effectively implement necessary measures while considering the cyber essentials cost involved.
If your organisation depends on digital tools—email, cloud platforms, e-commerce, or data storage—then IASME Cyber Essentials is vital. By obtaining this certification, you demonstrate to customers, partners, and stakeholders that security is a priority and that you are committed to protecting your systems against the most prevalent cyber threats.
Cyber Essentials covers the following:
Our IASME Cyber Essentials plans provide a flexible approach to meeting the Cyber Essentials requirements, no matter your company’s current stage in the journey towards cyber security maturity 🚀.
Our managed plans guarantee compliance with industry standards ✅ while alleviating the challenges of maintaining them. We recognise that navigating cybersecurity can be daunting, which is why we provide valuable insights from our knowledgeable cybersecurity consultants 🧑💻, ensuring you effectively meet the cyber essentials plus requirements.
Feel confident that your customer’s information is secure with our IASME Cyber Essentials plans. Select the ideal plan for your business 💼 and adopt a proactive stance towards cyber security while understanding the Cyber Essentials cost involved.
Cyber Essentials is a strong signal to customers that you are actively addressing the cyber essentials plus requirements 🔒 to protect your data and business from prevalent cyber threats.
Our Cyber Essentials plans encompass the same effective strategies as our standard offerings, but with Cyber Essentials Plus, you gain the advantage of hands-on technical validation 🤝. This process verifies your protection against cybercrime and ensures compliance with the Cyber Essentials requirements.
By opting for Cyber Essentials Plus, you significantly enhance your overall security posture 🛡️, making your organisation more resilient against potential threats. Additionally, understanding the Cyber Essentials cost 💰 is crucial for budgeting your cybersecurity investments effectively.
Our managed solution lays the foundations for compliance frameworks such as IASME Cyber Assurance, ISO 9001, 27001, 22301, and GDPR.
The Cyber Essentials Plus Audit and Guided pricing is based on the average number of consulting hours required to assess all controls. Please use our rapid quoting tool to receive a bespoke price.
The Managed Cyber Essentials Plus package combines Cyber Essentials Self-Assessed, and Cyber Essentials Plus requirements.
The latest statistics from the U.K Governments Cyber Security Breaches Survey
It demonstrates a commitment to Cyber Security
Cyber Liability Insurance – Cover for up to £25,000 for applicable companies
Increase your chances of winning new business
By adopting the standards, you are protected from the majority of common cyber threats
It shows to customers and partners you’re committed to protecting their data
To bid on government contracts organisations must be certified against the Cyber Essentials standard
It helps avoid disruption to business and reputational damage
During the Cyber Essentials Plus audit, CSIQ will provide a comprehensive Internal, External, and Website vulnerability scan 🔎. This process examines your organisation’s systems and networks for weaknesses or potential entry points hackers could exploit. By regularly running these scans, you gain valuable insights into any gaps in your security posture 🛡️—allowing you to swiftly address and remediate issues before they escalate.
When integrated into your broader cybersecurity strategy, vulnerability scanning provides a powerful layer of defence. It ensures ongoing compliance with industry standards, such as Cyber Essentials and Cyber Essentials Plus ✅, and demonstrates to stakeholders that you are serious about protecting sensitive data. By identifying high-risk areas and prioritising remediation efforts, vulnerability scanning empowers you to maintain a resilient infrastructure, reduce downtime, and safeguard your reputation from the impact of cyberattacks.
Internet-facing, external vulnerability scans are conducted using multiple industry-leading vulnerability management solutions that are PCI compliant and approved for use by the Cyber Essentials scheme.
Outsource vulnerability management to a specialist cyber security team with one of our Managed Attack Surface packages.
Internal network vulnerability scans are completed using a PCI-compliant industry-leading vulnerability management solution approved for use by the Cyber Essentials scheme.
Check out our advanced penetration testing services if you need proof your company is protected.
Your company website will only be in scope for Cyber Essentials if you manage the platform. A website vulnerability scan can find vulnerabilities that could lead to defacement and reputational damage.
Check out our Web Application Penetration services to feel confident your website is secure.
All consultancy and managed services include access to our Risk Management Portal.
All risk types, including technical, human, residual and inherent, are allocated a score, allowing for a strategic approach to risk reduction.
Monthly reports from our managed services detailing individual risk scores, a summary of events, detailed vulnerabilities, and security recommendations are all available from the platform.
Multiple vulnerabilities are typically exploited to reach a target. Our platform visualises the attack path taken by your consultant to achieve the objective.
Track your exposure over time to ensure that your IT teams are tackling the vulnerabilities identified.
If you have our pre-pay contract, simply send us a message through the platform to assist with the remediation.
To find out more about the other compliance and governance service that we offer, visit our IASME Cyber Assurance.
Or get in touch to find out more about all our services.
We are proud of our industry recognised certifications in Cyber Security and Service Delivery
See the pricing table or request a quote or give us a call to get a rapid price.
Cyber Essentials is not a mandatory requirement for all businesses. However, it is commonly a supplier requirement, especially when tendering for government work or larger organisations.
This depends on the size of your network and how many devices make up the sample set that the assessor will need to test.
Generally, we can complete all testing within one business day and will prepare a schedule with you in advance to minimise disruption.
A typical turnaround time for certification is two weeks from order.
Cyber Essentials is not the same as ISO 27001, but it is a natural stepping stone if you are starting out on your compliance journey. The management system included in our managed Cyber Essential Managed packages makes the transition to ISO 27001 simpler and quicker.
Although Cyber Essentials certification is not a legal requirement, some of your customers and partners may require it as part of their supplier due diligence checks to reassure them that you take their security and privacy seriously.
You can confirm who has a Cyber Essentials certificate by checking out the National Cyber Security Centres certificate search here.
We are able to conduct the entire audit remotely without needing to visit the site.
Our vulnerability management software also does not require us to send a server to the site, reducing the administrative overhead and costs considerably.
Cyber Essentials Plus provides a more advanced level of assurance and includes a technical audit of the systems in scope for Cyber Essentials. Organisations applying for Cyber Essentials Plus must also pass an on-site/remote assessment and an internal/external vulnerability scan.
Do not worry; it is not common for an organisation to pass Cyber Essentials Plus without any remediation.
If you fail the assessment, the assessor will prepare a report outlining the reasons and the remediation work required to achieve a pass. There is a 30-day retesting window where the organisation can carry out the remediation steps listed. CSIQ can then retest just those areas which failed within the 30-day window. If those vulnerabilities have been remediated, then CSIQ will be able to award a pass for Cyber Essentials Plus.
We will email you a reminder in advance of your expiry date outlining the steps to work through your renewal.
The Cyber Essentials logo was updated in 2023. Once your company achieves certification, you will receive your blockmark certificate and logos for use on your website and marketing material.
Cyber Essentials Logo
Once you have been certified you will receive a blockmark digital certificate.
There are two types of Cyber Essentials certification, Self Assessed and Plus. The applicant organisation completes the self-assessment, which an approved Certification Body then marks.
The Cyber Essentials standard is based on the five controls
Future editions will also emphasise multi-factor authentication and protecting cloud accounts.
Cyber Essentials self-assessed requires the applicant company to complete a questionnaire on implementing the five controls within their organisation, which an assessor then marks. The company is awarded a Cyber Essentials certificate if the applicant demonstrates that they apply the five controls’ principles.
The cyber essentials scheme was first launched on the 5th of June, 2014.
We think so. While not all-encompassing, It is an excellent foundation to build your company’s security practices. In today’s connected world, internet access has become necessary for companies to function. Still, access to the internet puts your company at risk for misconfigurations, poor cyber hygiene, and malicious actors looking to profit from your company’s vulnerabilities.
You will only need Cyber Essentials if you are required to have a valid certificate to meet supplier requirements. We, of course, believe that every company should aim to achieve the Cyber Essentials standard as it represents a robust foundation to build cyber resilience.
The requirements to receive £250,000 of cyber liability insurance are as follows:
What’s Covered?
What’s Excluded?
Only certification bodies trained and licensed by IASME can certify an organisation against the NCSC’s Cyber Essentials scheme. CSIQ assessors are IASME qualified, and CSIQ is authorised to deliver Cyber Essentials and Cyber Essentials Plus certifications.
Cyber Essentials Plus is a verification assessment of the controls listed in the Cyber Essentials self-assessment questionnaire.
All organisations must achieve Cyber Essentials Self-Assessed; Companies then have a 3-month window to schedule their Cyber Essentials Plus assessment.
The Cyber Essentials Plus logo was updated in 2023, once your organisation achieves certification, you will receive your blockmark certificate and logos for use on your website and marketing material.
Cyber Essentials Plus Logo
Send us an enquiry to get a rapid response from a cybersecurity expert.
Email Us
Call Us
"*" indicates required fields
