Cyber Essentials most frequently asked questions

What is the Cyber Essentials scheme?

Cyber Essentials is a Government-backed, industry-supported certification scheme run by the National Cyber Security Centre (NCSC). It helps businesses put basic security controls in place against the most common cybersecurity threats. By achieving the certification, your business shows its commitment to cyber security.

There are two types of Cyber Essentials (CE) certification: Cyber Essentials basic and Cyber Essentials Plus.

Who needs Cyber Essentials certification?

Any business that is tendering for government work is required to have the certification. By achieving Cyber Essentials, your business shows its commitment to cyber security, and your suppliers, partners and clients feel more confident in sharing data with you.

How do I get Cyber Essentials certification?

Find a Certification Body and purchase the package you are looking for. The Certification Body will then send you the Cyber Essentials Questionnaire; follow the process from there. You can find the list of Certification Bodies on the IASME website or simply get in touch with us. Check out the patching requirements and checklist for CE on our website.

How much does Cyber Essentials cost?

The CE basic certification costs £300 + VAT.

CE Plus costs £1,900 + VAT. CE Plus includes CE basic.

The costs are for certification only. It will cost more if your IT systems need to be updated.


Get certified today

  • Cyber Essentials Basic - CEB001
    2 Days for Remediation
    1 Day Turnaround
    £25k Cyber Insurance*
    Price includes VAT

  • Guided Cyber Essentials - CEB002
    Everything in CEB001 plus
    Online/Phone Support
    Price includes VAT

  • Cyber Essentials Plus - CEP001
    Everything in CEB002 plus
    30 Day Remediation
    Systems Audit (remote)
    Price includes VAT

  • Guided CE Plus - CEP002
    Everything in CEP001 plus
    Pre-systems Audit
    Gap Analysis report
    Price includes VAT

*Insurance details are on the IASME website

How long does Cyber Essentials certification last?

Certification is valid for only a year and needs to be renewed every year to keep the status. The process will be the same again, but not as tedious as the first time, as long as you keep up with the security controls that were put in place.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessment certification: you fill in a self-assessment form and the IASME Certification Body assesses the application. If all goes well, you will pass. CE Plus includes the self-assessment as well as an audit by the Certification Body. The audit includes a vulnerability scan of the systems, a malware test, a browser download test, an email test and an external scan. CE Plus is the advanced certification and is recommended.

How long does it take to get Cyber Essentials certification?

Cyber Essentials basic certification can be achieved in a day or less. Cyber Essentials Plus, however, depends on the availability of the assessor, your (client) availability and the outcome of the audit. If the audit finds gaps, you will have 30 days to fix them. If everyone is available and everything goes well, the certification can be done in a day as well.


What security controls are covered by Cyber Essentials?

The Cyber Essentials scheme covers 5 technical controls. They are:

  • Firewalls
  • Secure configuration
  • User Access Controls
  • Patch Management
  • Malware Management

What Cyber Essentials certification should we get?

We would recommend that you go for Cyber Essentials Plus. It involves an onsite visit and testing from the Certification Body and ensures that you have the required security controls in place. Although it costs more to achieve CE Plus certification, it is worth it.

Cyber Essentials Level 1 is a straightforward exercise: you answer the questionnaire from the Certification Body, and they evaluate your answers and then perform an external scan on your IP address. If all goes well, you will pass and a certificate will be issued.

In layman's terms, Cyber Essentials Level 1 is you saying you have the security controls in place, and Cyber Essentials Plus is the Certification Body testing whether what you said is right.

What is the difference between Cyber Essentials and ISO 27001?

Cyber Essentials is a framework of technical security controls focusing on IT infrastructure, whereas ISO 27001 is a risk management framework for data security and compliance wherever the data is. Which one you want to achieve really depends on your business requirements.

Hope that answers most of the frequently asked questions about Cyber Essentials. Check out our blog post ‘Everything you need to know about Cyber Essentials’ to find out more about Cyber Essentials.
