Cyber Essentials Certification

Achieve Cyber Essentials and Cyber Essentials Plus certification with our team of qualified experts.

The Cyber Essentials (CE) scheme is a straightforward and effective framework supported by the government that safeguards your organisation against common internet-based cyber attacks. It offers a certification program for cybersecurity developed under the UK Government's National Cyber Security Strategy. The scheme outlines five fundamental control areas – firewalls, secure configuration, security update management, user access control, and malware protection – which all organisations should focus on to reduce the risk of cyber threats and demonstrate a strong commitment to enhancing their cybersecurity approach. The certification scheme includes two levels: 'Cyber Essentials' and 'Cyber Essentials Plus'.

Managed by the IASME Consortium (IASME) on behalf of the National Cyber Security Centre (NCSC), a division of GCHQ, the scheme is overseen by URM, an accredited certification body authorized to certify against the Government's and IASME Cyber Essentials Scheme. Additionally, URM is recognized as an accredited Assured Service Provider within the NCSC Cyber Advisor scheme, enabling our team of Cyber Advisors to provide practical, cost-effective, and dependable guidance to enhance your cybersecurity and attain 'Cyber Essentials' and 'Cyber Essentials Plus' certifications.

To obtain Cyber Essentials certification, your organization must fill out a self-assessment questionnaire (SAQ) and have a board member sign a declaration. Your completed SAQ will be evaluated by one of URM's certified assessors to confirm compliance with the 5 control areas' requirements. After submitting your SAQ via the Cyber Essentials portal, you will receive notification within 48 hours regarding the outcome. Upon successful completion, you will be awarded the Cyber Essentials certificate, valid for one year. Click the button below to begin your Cyber Essentials certification process and access the SAQ.

CYBER ESSENTIALS SUPPORT SERVICES

If your organisation has a simple structure and the person filling out the SAQ possesses a strong technical IT background, the Cyber Essentials application process should be relatively straightforward.

However, some of the questions might be challenging to grasp for newcomers to Cyber Essentials, individuals lacking a technical IT background, or those within complex company structures.

Some organisations require assistance in understanding the questions' intent, the meaning of controls, and how to address them.

Peritus offers various support services and is accredited as an Assured Service Provider under the Cyber Advisor Scheme in collaboration with NCSC and IASME.

The Cyber Advisor Scheme aims to provide practical and cost-effective support and advice in cybersecurity to small and medium-sized organisations.

These services are also beneficial for small organisations with limited IT knowledge seeking an equivalent level of security without pursuing Cyber Essentials certification.

GAP ANALYSIS

If your organisation is in the early stages of exploring Cyber Essentials certification and wants to assess compliance across the five core areas, Peritus’ Gap Analysis service is ideal.

Peritus' Cyber Advisors will guide you through each assessment question, evaluate your existing controls, and suggest remedies for any non-compliant areas.

The assessment results will be documented in a formal report to help develop a project action plan.

CYBER ESSENTIALS APPLICATION REVIEW SERVICE

Peritus offers a Cyber Essentials Application Review Service for organisations seeking reassurance or detailed interpretations of questions. This service is valuable for both certified organisations and those undergoing certification, ensuring accurate completion of the questionnaire. An offline review by Peritus assessors identifies missing or misunderstood responses, providing guidance for a successful submission. The service minimizes the time spent on revisions and ensures compliance with Cyber Essentials requirements.

CYBER ESSENTIALS PLUS ASSESSMENT

For those seeking to offer stakeholders higher levels of assurance, opting for Cyber Essentials Plus certification may be the way to go. This involves a technical audit conducted by a URM assessor on the systems within the scope of the assessment, including all Internet gateways, servers accessible to Internet users, a selection of user devices, and internal servers accessible to employees. Remember to complete your Cyber Essentials Plus audit within 3 months of obtaining your last Cyber Essentials basic certification. Click on the link to express your interest, and URM will reach out to discuss the systems and devices in scope, along with other requirements, after which you will receive a quotation. The cost of a Cyber Essentials Plus assessment will vary based on the size and complexity of your network.

STAGES OF ASSESSMENT

The Cyber Essentials Plus assessment consists of two primary stages:

  • The first stage entails an external vulnerability scan of your Internet-facing IP addresses to ensure no misconfigurations or vulnerabilities are present.

  • The second stage involves testing a sample of end-user devices and servers (up to 5 samples per operating system edition) to assess compliance with Scheme requirements. Various activities are carried out during this stage:

    • Authenticated vulnerability scans are conducted on devices to verify patching and basic configuration levels.

    • Email clients and Internet browsers are tested to prevent execution of malicious files.

    • The antimalware solution is reviewed to ensure it is updated as per vendor recommendations.

    • Account separation is tested to prevent users from using administrative accounts for daily activities.

    • Cloud services are tested to confirm MFA is enabled for users and administrators.

Following the assessment, URM's assessor will review the findings with you before submitting the report to the portal to prevent any misunderstandings.

CYBER ESSENTIALS PLUS PRE-ASSESSMENT SERVICE

A Cyber Essentials Plus (CE+) assessment involves a technical evaluation by a URM assessor of your organisation's external infrastructure, end-user devices, and servers. Several issues could lead to a 'fail' in the CE+ assessment, such as exposing non-public data, running unsupported software, lacking MFA for cloud services, or using administrative users for daily tasks.

If an organisation fails the CE+ assessment, it has up to 30 days* to purchase another assessment and pass before needing to repeat both the basic CE and CE+ assessments for certification.

Peritus’ Cyber Essentials Plus Pre-Assessment service allows organizations to conduct a technical pre-assessment on a significant subset of systems without triggering the 30-day limit, typically at a lower cost. After the pre-assessment, you will receive recommendations to address any gaps in meeting CE+ requirements, improving your chances of obtaining certification successfully. URM is so confident in the pre-assessment's value that if you don't pass the official CE+ assessment on the first try, a free re-attempt will be provided!

  • The time frame may be shorter if it extends beyond the 3-month period for obtaining CE+ certification after securing the basic CE certification.

Cyber Essentials Certification

Why Peritus

Our capabilities as a cyber security specialist focus on providing disruptive security technologies, services, and bespoke professional service engagements. We aim to help our customers stay ahead of the curve by evaluating fast-growing and innovative technologies that enhance and complement their security environments. At Peritus, we value our customers as more than just numbers; we consider them design partners. Once they onboard with us, we become an extension to their security teams.

We understand that each customer has unique needs, and therefore, we do not adopt a 'one-size-fits-all' approach. As specialists in the market, we excel in security and focus on delivering solutions tailored to our customers' specific requirements.