To obtain Cyber Essentials certification, your organization must fill out a self-assessment questionnaire (SAQ) and have a board member sign a declaration. Your completed SAQ will be evaluated by one of URM's certified assessors to confirm compliance with the 5 control areas' requirements. After submitting your SAQ via the Cyber Essentials portal, you will receive notification within 48 hours regarding the outcome. Upon successful completion, you will be awarded the Cyber Essentials certificate, valid for one year. Click the button below to begin your Cyber Essentials certification process and access the SAQ.

CYBER ESSENTIALS SUPPORT SERVICES

If your organisation has a simple structure and the person filling out the SAQ possesses a strong technical IT background, the Cyber Essentials application process should be relatively straightforward.

However, some of the questions might be challenging to grasp for newcomers to Cyber Essentials, individuals lacking a technical IT background, or those within complex company structures.

Some organisations require assistance in understanding the questions' intent, the meaning of controls, and how to address them.

Peritus offers various support services and is accredited as an Assured Service Provider under the Cyber Advisor Scheme in collaboration with NCSC and IASME.

The Cyber Advisor Scheme aims to provide practical and cost-effective support and advice in cybersecurity to small and medium-sized organisations.

These services are also beneficial for small organisations with limited IT knowledge seeking an equivalent level of security without pursuing Cyber Essentials certification.

GAP ANALYSIS

If your organisation is in the early stages of exploring Cyber Essentials certification and wants to assess compliance across the five core areas, Peritus’ Gap Analysis service is ideal.

Peritus' Cyber Advisors will guide you through each assessment question, evaluate your existing controls, and suggest remedies for any non-compliant areas.

The assessment results will be documented in a formal report to help develop a project action plan.

CYBER ESSENTIALS APPLICATION REVIEW SERVICE

Peritus offers a Cyber Essentials Application Review Service for organisations seeking reassurance or detailed interpretations of questions. This service is valuable for both certified organisations and those undergoing certification, ensuring accurate completion of the questionnaire. An offline review by Peritus assessors identifies missing or misunderstood responses, providing guidance for a successful submission. The service minimizes the time spent on revisions and ensures compliance with Cyber Essentials requirements.

CYBER ESSENTIALS PLUS ASSESSMENT

For those seeking to offer stakeholders higher levels of assurance, opting for Cyber Essentials Plus certification may be the way to go. This involves a technical audit conducted by a URM assessor on the systems within the scope of the assessment, including all Internet gateways, servers accessible to Internet users, a selection of user devices, and internal servers accessible to employees. Remember to complete your Cyber Essentials Plus audit within 3 months of obtaining your last Cyber Essentials basic certification. Click on the link to express your interest, and URM will reach out to discuss the systems and devices in scope, along with other requirements, after which you will receive a quotation. The cost of a Cyber Essentials Plus assessment will vary based on the size and complexity of your network.

STAGES OF ASSESSMENT

The Cyber Essentials Plus assessment consists of two primary stages:

• The first stage entails an external vulnerability scan of your Internet-facing IP addresses to ensure no misconfigurations or vulnerabilities are present.

• The second stage involves testing a sample of end-user devices and servers (up to 5 samples per operating system edition) to assess compliance with Scheme requirements. Various activities are carried out during this stage:

  • Authenticated vulnerability scans are conducted on devices to verify patching and basic configuration levels.

  • Email clients and Internet browsers are tested to prevent execution of malicious files.

  • The antimalware solution is reviewed to ensure it is updated as per vendor recommendations.

  • Account separation is tested to prevent users from using administrative accounts for daily activities.

  • Cloud services are tested to confirm MFA is enabled for users and administrators.

Following the assessment, URM's assessor will review the findings with you before submitting the report to the portal to prevent any misunderstandings.

CYBER ESSENTIALS PLUS PRE-ASSESSMENT SERVICE

A Cyber Essentials Plus (CE+) assessment involves a technical evaluation by a URM assessor of your organisation's external infrastructure, end-user devices, and servers. Several issues could lead to a 'fail' in the CE+ assessment, such as exposing non-public data, running unsupported software, lacking MFA for cloud services, or using administrative users for daily tasks.

If an organisation fails the CE+ assessment, it has up to 30 days* to purchase another assessment and pass before needing to repeat both the basic CE and CE+ assessments for certification.

Peritus’ Cyber Essentials Plus Pre-Assessment service allows organizations to conduct a technical pre-assessment on a significant subset of systems without triggering the 30-day limit, typically at a lower cost. After the pre-assessment, you will receive recommendations to address any gaps in meeting CE+ requirements, improving your chances of obtaining certification successfully. URM is so confident in the pre-assessment's value that if you don't pass the official CE+ assessment on the first try, a free re-attempt will be provided!

• The time frame may be shorter if it extends beyond the 3-month period for obtaining CE+ certification after securing the basic CE certification.