Cyber Essentials

Free Scoping Call

Fixed Price With No Hidden Costs



Friendly One-To-One Support with Expert Assessors

99.9% Pass Rate

NEED HELP? See our Resources Section or Contact Us

Cyber Essentials

£300 + VAT

CE Certificate*
Free Cyber Insurance up to £25,000**

Cyber Essentials with Assistance

£925 + VAT

CE Certificate*
Free Cyber Insurance up to £25,000**
4 hours Consultancy Support

Cyber Essentials Plus

£1850 + VAT

CE+ Certificate*
Free Cyber Insurance up to £25,000**
External vulnerability scan
Assessment and Internal Vulnerability Scan***
8 Hours Consultancy Support
10 Devices

Not sure if you’re ready for CE/CE+?

The Cyber Essentials readiness toolkit uses your responses to the questions in the toolkit to create a personal action plan to help you move towards meeting the Cyber Essentials requirements. The action plan includes links to specific guidance on how to meet the requirements.

FAQs

How many devices do you need to assess for CE+?

It’s a little complicated but it essentials boils down to how many different operating systems you have. We need to have a sample size for each OS and release. This is different for every company and requires a scoping call with one of our consultants.

Please get in touch and we would be happy to scope out the assessment and provide you with a fixed price quote

What happens if we run out of consultancy support time?

The vast majority of our clients pass CE/CE+ with the bundled support time within our packages.

In the rare where a company can’t pass it is usually due to a major lack of security that can’t be resolved easily within their organisation.

If you are unsure if you are ready for cyber essential, why not use the Cyber Essentials readiness toolkit to see if you are ready.

What’s the difference between CE and CE+?

The Cyber Essentials scheme offers two levels, 1) self-assessed and independently verified, 2) ‘Plus’ level which includes an independent technical audit.

Cyber Essentials

The ‘basic’ level is self-assessed and independently verified. It works in the format of a questionnaire which has eight sections and a total of 70 questions.

Cyber Essentials Plus

This scheme includes the Cyber Essentials questionnaire but also involves an independent technical audit of your systems to verify that the Cyber Essentials controls are in place. The audit includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users. Your assessor will test a suitable random sample of these systems (typically around 10 per cent) and then make a decision whether further testing is required.

Why do I need Cyber Essentials?

Certified cyber security:

Reassure customers that you are working to secure your IT against cyber attack
Attract new business with the promise you have cyber security measures in place
You have a clear picture of your organisation’s cyber security level
Some Government contracts require Cyber Essentials certification

What happens if we fail CE/CE+?

Our expert assessors with work with you to ensure your submission has the best possible chance of passing. For example, they will advise if your answers fall short of the current requirements and explain why so you can update it before submission.

Do I have to obtain the first level of Cyber Essentials before going on to Cyber Essentials Plus?

You need to complete the online Cyber Essentials assessment as part of the Cyber Essentials Plus certification, and this must be completed prior to the Cyber Essentials Plus assessment. Alternatively, after completing your Cyber Essentials assessment, you have three months to complete the Cyber Essentials Plus assessment, even if it has been completed by a different provider.

Do certificates have an expiry date?

All new certificates issued by IASME will have a 12-month expiry date.

Do I need Cyber Essentials to bid for a Government contract?

Some Government contracts may require you to be Cyber Essentials certified or to be able to demonstrate that the technical controls are in place.

In the first instance please confirm with the Government department their expectations with regards to Cyber Essentials. Requirements and exemptions may vary between department, so it is important that you are able to seek clarification for each contract.

How are Cyber Essentials assessments verified?

Cyber Essential is a self-assessment. However, a board member from your organisation will have to signs a declaration to confirm that the assessment answers are true. A qualified assessor who works for a Certification Body then evaluates the responses. In the event that you pass you receive a certificate.

My organisation is not based in the UK. Can I still obtain a Cyber Essentials certification?

Yes, organisations overseas are able to get certificates, however the cyber insurance is only applicable to UK organisations.

Are Bring Your Own Devices (BYOD) included in the CE/CE+ assessment?

Yes. You will need to have at least some sort of Mobile Application Management (MAM), like Intune, enabled on BYODs to demonstrate that you have control over the corporate data on those devices.

For CE+ a sample of each OS release will need to be assessed.

Resources

Cyber Essentials Readiness Toolkit

These questions are designed to help you think about cyber security within your organisation. Each question will prompt you to consider a different aspect of security which will protect your organisation against threats from the internet. Learn more >

NCSC Cyber Essentials Guide

A summary of low cost, simple techniques that can improve cyber security within your organisation. Learn more >

IASME

Some of the Cyber Essentials self-assessment questions can be difficult to understand if you do not have a technical IT background or you have a complex company structure. IASME has trained a number of qualified cyber security companies who will be able to help you understand. Learn more >

* All our Cyber Essentials and Cyber Essentials Plus packages include the cost of Cyber Essentials certification, as set out by IASME. Additional charges are for additional services delivered.

** Free cyber insurance is available to UK organisations with a turnover of less than £20 million. Includes a 24-hour helpline to report a cyber incident, with a total liability limit of £25,000. Terms and conditions apply.

*** Our Cyber Essentials Plus packages include an external vulnerability scan that covers up to 16 IP addresses and testing at one location, of one type of user account, on up to 10 sample devices. Additional workstations, server devices, mobile devices and build types may need to be tested to meet the sampling requirements of the scheme. For further information, please see our FAQ.

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.