Cyber Essentials Plus accreditation/certification explained
When the UK government introduced the Cyber Essentials Scheme in 2014 they announced two levels of Certifications businesses can go through. First, one being the Cyber Essentials (CE) and the Second one is Cyber Essentials Plus (CE Plus) with the latter being more advanced. Cyber Essentials is a self-assessment certification where you would fill in a self-assessment questionnaire and an assessor from the certification body assesses the questionnaire and marks it a pass or fail.
On the other hand, Cyber Essentials Plus includes self-assessment as well as a systems assessment. Check out our blog article on ‘What is the process for Cyber Essentials plus certification?’ The following technical security controls will be tested
- Secure configuration
- User Access Controls
- Patch Management
- Malware Protection
As part of the systems assessment, the assessor will run an internal & external Vulnerability assessment, Email attachment test, browser download test, and user access control test. Check out our blog article on ‘What exactly is included in Cyber Essentials Plus audit?’ for more information.
Cyber Essentials Plus certification will cost you around £1,900 + VAT for certification only. It includes the self-assessment questionnaire as well as the systems assessment. There are no extra charges. However, if you are seeking assistance from a consultant/company to help you prepare for the certification or conduct a pre-assessment then it will cost you more.
A common misconception about the certification is that a Penetration test needs to be done. A penetration testing is not necessary for the CE plus certification. It is the vulnerability assessment that is performed on your systems. If you fail the assessment you will have 30 days to fix the issues and re-submit the application without any additional charges. If you are not sure you can sign up for our ‘Cyber Essentials Plus extra’ which includes the pre-assessment and gap analysis so that you know where the gaps are and fix them before submitting the application.
Get certified today
Step 1: Organisation Size
Step 2: Pick Cyber Essentials Package
Cyber Essentials Basic - CEB001
£300 + VAT
2 Days for Remediation
1 Day Turnaround
£25k Cyber Insurance*
Guided Cyber Essentials - CEB002
£500 + VAT
Everything in CEB001 plus
Cyber Essentials Plus - CEP001
£1500 + VAT
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
Guided CE Plus - CEP002
£2500 + VAT
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
The most common challenge the companies come across in this process is not having up to date 3rd party applications and local admin accounts for SMBs. Check out our blog article on ‘Cyber Essentials Plus certification patching requirements’ to find out the exact requirements.
Your organisation will achieve both levels of Cyber Essentials scheme when you pass the CE Plus. Then it is an annual re-certification process. The process is the same every year but hopefully easier the second time. You can also sign up for our quarterly assessment to make sure you are on the right track and avoid surprises at the re-certification time.
Hope that has helped you. Try our quick Cyber Essentials checklist below to find out if you will pass. It will give you instant results.
A new Windows vulnerability actively exploited using phishing attacks
Early this month Microsoft has published a note on a critical vulnerability that allows attackers to fully gain access to the user device known as MSHTML remote code execution and CVE-2021-4...More
Windows zero-day vulnerability HiveNightmare aka SeriousSAM
HiveNightmare is one of the Windows zero-day vulnerabilities that is currently exploited in the wild. It is also known as SeriousSAM (CVE-2021-36934) due to the nature of the attack includes...More
We are nominated - Making the Difference award through the Northern Star Business Awards AGCC
The finalists have been announced for the Northern Star Business Awards, the Chamber’s annual accolades for successful businesses in the region and TechForce has been shortlisted for Making ...More
Kaseya REvil Ransomware Attack From Our Cybersecurity Specialist Harsh Panchal
Kaseya is one of the largest Managed Service Providers (MSPs) who manages and provides various IT and Cybersecurity services around the world. One of the services is called Kaseya VSA.More
FOR LATEST UPDATES SUBSCRIBE HERE: