Cyber Essentials from the National Cyber Security Centre

The annually renewable certification scheme consists of five controls that will reduce the impact of common cyber-attack approaches by up to 80% and could reduce potentially large-scale damage from one phishing email. A team of experts review the scheme at regular intervals to ensure it stays effective in the ever-evolving threat landscape.

Cyber Essentials works in the format of a verified self-assessment questionnaire. Organisations answer a series of questions that address the scope of the assessment, their employees, devices, and work location. They will also answer questions that address the five core controls, which include user access control, secure configuration, security update management, firewalls and routers, and malware protection. The answers must be signed-off by a Board member, or equivalent and the answers are then marked by an independent Assessor.  

Organisations based in the UK with a turnover of less than £20 million who certify their whole organisation to Cyber Essentials get included cyber liability insurance when they certify to Cyber Essentials.

Pricing structure for Cyber Essentials

Apply for Cyber Essentials here

Cyber Essentials Plus starts with the Cyber Essentials questionnaire and for greater assurance, includes a technical audit of your systems to verify that the Cyber Essentials controls are in place. The audit includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users.

As the Cyber Essentials Plus assessment needs extra time from technical experts, it is more expensive than Cyber Essentials. The cost will depend on the size and complexity of your network. A quote for Cyber Essentials Plus can be applied for via the IASME website, you will be emailed quotes from three different Certification Bodies.

IASME has trained a network of qualified cyber security experts who are located around the United Kingdom and Crown Dependencies. They can help you understand the assessment questions, how they relate to your charity and what steps you need to take in order to achieve certification. These Certification Bodies are trained and licensed to certify against the Cyber Essentials Scheme and conduct the Cyber Essentials Plus audit.

Not ready to certify? get started by reviewing your business cyber security with the Cyber Essentials Readiness Tool.