Cyber Essentials and Cyber Essentials Plus Certification
This service includes both Cyber Essentials and Cyber Essentials Plus certifications. If you already have a recently acquired Cyber Essentials Certification you may be able to purchase our Upgrade to Cyber Essentials Plus Certification.
This service is for organisations that have a high degree of knowledge of all five security controls and are comfortable carrying out all the preparations for certification themselves.
- A £300 charge for IASME Cyber Essentials certification;
- A precheck of your Cyber Essentials questionnaire answers before your first submission to determine whether you are likely to pass on that basis;
- Access to the IASME portal, where you will submit your self-assessment;
- An on-site assessment, internal vulnerability scans and external vulnerability scans;
- Free cyber insurance available to UK companies with a turnover of less than £20 million;
- Your Cyber Essentials and Cyber Essentials Plus certificates; and
- A certification guarantee*.
Please note: Our certification guarantee is based on your organisation implementing all the required controls and providing us with your application to check before your first submission. It is limited to your Cyber Essentials application only.
How the certification process works:
- We send you access details for the IASME Cyber Essentials portal via email.
- You log on to the IASME portal, where you will define your scope for testing and complete the IASME SAQ (self-assessment questionnaire) using your knowledge of the scheme.
- We review your assessment before your first submission and inform you whether you are likely to meet the criteria needed to achieve certification.
- You update the SAQ based on our feedback, confirm, and submit your application on the IASME portal.
- Subject to a positive outcome, we issue your Cyber Essentials certificate.
- Once you are Cyber Essentials certified, you schedule your on-site assessment, which will include the internal vulnerability scan.
- We conduct the internal assessment and perform the necessary internal scan on a sample of your Internet-facing devices. We provide the results of the internal assessment and scan. If there are nonconformities, we will also provide feedback to help you understand how to close these gaps and achieve certification.
- We schedule your external vulnerability scan.
- Subject to a positive outcome, you receive your Cyber Essentials Plus certificate and report.
Is this service right for you?
- You are confident in defining the scope of your assessment encompassing the entire organisation;
- You own and operate your entire scope of IT infrastructure;
- You are familiar with the five key controls covered in the Cyber Essentials questionnaire and how to meet them; or
- You have previously certified and are looking to renew and your scope has not changed.