What is the process for Cyber Essentials Plus Certification?
We were asked this question a couple of times over the last few days. Firstly, Cyber Essentials Plus process includes going through the Cyber Essentials (Basic) self-assessment. The whole process might take anywhere from a couple of days to a few weeks. Here is the exact process for Cyber Essentials Plus certification.
Customer places the order with the Certification Body.
You will need to Identify a certification body to apply for your Cyber Essentials certification. You may get in touch with the Accreditation Body, IASME but you will be put in touch with one of the certification bodies or you can contact a body you know or heard of. Place the order and follow the instructions. TechForce is an IASME approved certification body. To make this step easier you can just get in touch with us and we will do the rest.
Certification body sends you the portal login details to go through the self-assessment part.
Once the order is placed you will receive the confirmation as well as the portal login details to go through the self-assessment questionnaire. If you purchased extra assistance from the certification body they will be able to do a pre-assessment and also identify any gaps before you do the final submission. This can be very helpful if you are not sure about the technical security controls you have in place. This can be done in a day or less. For all our basic certification we guarantee a day. Check out our ‘Cyber Essentials plus certification checklist & requirements’ to know more about what’s required.
Certification Body assesses the questionnaire and you will hear the outcome (pass/fail)
An assessor from the certification body will assess your answers and mark it as a pass or fail. If it’s a fail then you will have two days to fix any issues and resubmit the application.
If it’s a pass then the Certification Body will organise the site-audit (remote)
Once you pass the self-assessment you have achieved the Cyber Essentials basic. The Cyber Essentials certification body will organise the site-audit. All of our site audits are now remote. We do not need to visit your site. In this site audit the assessor will be conducting an internal & external vulnerability assessment, email test, browser download test and user access controls test. Check out our article on ‘what exactly is involved in Cyber Essentials plus audit?’ Depending on the audit you will have an outcome of Pass or Fail. If it's a fail then you have 30 days to fix any issues and resubmit the application. IF you fail again then you will have to make a new fresh application which means you will have to repeat the entire process from step-1. The most failures occur with the patch management. Check out our blog on Cyber Essentials Plus patching requirements.
Your team will spend around 2hours to organise the audit. It can be more depending on your network. WRT fixing the issues, it’s completely up to you how quickly can you fix them. Quicker the better. If you are not sure about the security controls you have in place then extra assistance from the Cyber Essentials Certification Body will be able to help.
For example, we offer a package called ‘Cyber Essentials Plus Extra’. As part of the package we perform a pre-audit and gap analysis exercise so that you know where your gaps are before you go ahead with the final audit. This can be extremely helpful and save you time & money.
Please note, Once you pass the basic certification you will have 90 days to apply for the Cyber Essentials Plus. In other words, you can just do the basic version for now and upgrade to plus later. Also, you will have to finish your plus certification within the 90 days from the beginning of the process.
Get certified today
Step 1: Organisation Size
Step 2: Pick Cyber Essentials Package
Cyber Essentials Basic - CEB001
£300 + VAT
2 Days for Remediation
1 Day Turnaround
£25k Cyber Insurance*
Guided Cyber Essentials - CEB002
£500 + VAT
Everything in CEB001 plus
Cyber Essentials Plus - CEP001
£1500 + VAT
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
Guided CE Plus - CEP002
£2500 + VAT
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
Once the site audit is completed you will know the outcome (pass/fail) of the certification.
In the previous step I explained the implications of a failure. However, if you pass the audit you will receive the Cyber Essentials Plus certification. You will then have to go through the re-certification process every year. You can also sign up for a regular compliance checking service so that you are confident your security controls are in place as well as there will be no surprises at the re-certification time.
I hope that explains the process involved in Cyber Essentials Plus certification. If you have any further questions please get in touch. When you are ready to go through your certification then drop us an email or buy the suitable package and we can get you certified in a few days.
A new Windows vulnerability actively exploited using phishing attacks
Early this month Microsoft has published a note on a critical vulnerability that allows attackers to fully gain access to the user device known as MSHTML remote code execution and CVE-2021-4...More
Windows zero-day vulnerability HiveNightmare aka SeriousSAM
HiveNightmare is one of the Windows zero-day vulnerabilities that is currently exploited in the wild. It is also known as SeriousSAM (CVE-2021-36934) due to the nature of the attack includes...More
We are nominated - Making the Difference award through the Northern Star Business Awards AGCC
The finalists have been announced for the Northern Star Business Awards, the Chamber’s annual accolades for successful businesses in the region and TechForce has been shortlisted for Making ...More
Kaseya REvil Ransomware Attack From Our Cybersecurity Specialist Harsh Panchal
Kaseya is one of the largest Managed Service Providers (MSPs) who manages and provides various IT and Cybersecurity services around the world. One of the services is called Kaseya VSA.More
FOR LATEST UPDATES SUBSCRIBE HERE: