Cyber Essentials Plus certification explained

When the UK government introduced the Cyber Essentials Scheme in 2014 they announced two levels of Certifications businesses can go through. First, one being the Cyber Essentials (CE) and the Second one is Cyber Essentials Plus (CE Plus) with the latter being more advanced. Cyber Essentials is a self-assessment certification where you would fill in a self-assessment questionnaire and an assessor from the certification body assesses the questionnaire and marks it a pass or fail.

On the other hand, Cyber Essentials Plus includes self-assessment as well as a systems assessment. Check out our blog article on ‘What is the process for Cyber Essentials plus certification?’ The following technical security measures and controls will be tested

  1. Firewalls
  2. Secure configuration
  3. User Access Controls
  4. Patch Management
  5. Malware Protection


As part of the systems assessment, the assessor will run an internal & external Vulnerability assessment, Email attachment test, browser download test, and user access control test. Check out our blog article on ‘What exactly is included in Cyber Essentials Plus audit?’ for more information.

Cyber Essentials Plus certification will cost you around £1,900 + VAT for certification only. It includes the self-assessment questionnaire as well as the systems assessment. There are no extra charges. However, if you are seeking assistance from a consultant/company to help you prepare for the certification or conduct a pre-assessment then it will cost you more.

A common misconception about the certification is that a Penetration test needs to be done. A penetration testing is not necessary for the CE plus certification. It is the vulnerability assessment that is performed on your systems. If you fail the assessment you will have 30 days to fix the issues and re-submit the application without any additional charges. If you are not sure you can sign up for our ‘Cyber Essentials Plus extra’ which includes the pre-assessment and gap analysis so that you know where the gaps are and fix them before submitting the application.


Get certified today

Step 1: Organisation Size

Step 2: Pick Cyber Essentials Package

  • Cyber Essentials Basic - CEB001

    £300 + VAT


    2 Days for Remediation

    1 Day Turnaround

    £25k Cyber Insurance*

    The package explained

    *Insurance details are on IASME website

  • Guided Cyber Essentials - CEB002

    £500 + VAT

    Everything in CEB001 plus


    Online/Phone Support

    *Insurance details are on IASME website

  • Cyber Essentials Plus - CEP001

    £1500 + VAT

    Everything in CEB002 Plus

    30 Day Remediation

    Systems Audit (remote)

    *Insurance details are on IASME website

  • Guided CE Plus - CEP002

    £2500 + VAT

    Everything in CEP001 plus

    Pre- systems Audit

    Gap Analysis report



    *Insurance details are on IASME website

The most common challenge the companies come across in this process is not having up to date 3rd party applications and local admin accounts for SMBs. Check out our blog article on ‘Cyber Essentials Plus certification patching requirements’ to find out the exact requirements.

Your organisation will achieve both levels of Cyber Essentials scheme when you pass the CE Plus. Then it is an annual re-certification process. The process is the same every year but hopefully easier the second time. You can also sign up for our quarterly assessment to make sure you are on the right track and avoid surprises at the re-certification time.

Hope that has helped you. Try our quick Cyber Essentials checklist below to find out if you will pass. It will give you instant results.

Do check out our other cybersecurity case studies:

Also check out our blogs on Cyber Essentials & Cyber Essentials Plus certification:

Related Articles


Back to start
aberdeen skyline graphic