What is the process for Cyber Essentials Plus Certification?
We were asked this question a couple of times over the last few days. Firstly, Cyber Essentials Plus process includes going through the Cyber Essentials (Basic) self-assessment. The whole process might take anywhere from a couple of days to a few weeks. Here is the exact process for Cyber Essentials Plus certification.
Customer places the order with the Certification Body.
You will need to Identify a certification body to apply for your Cyber Essentials certification. You may get in touch with the Accreditation Body, IASME but you will be put in touch with one of the certification bodies or you can contact a body you know or heard of. Place the order and follow the instructions. TechForce is an IASME approved certification body. To make this step easier you can just get in touch with us and we will do the rest.
Certification body sends you the portal login details to go through the self-assessment part.
Once the order is placed you will receive the confirmation as well as the portal login details to go through the self-assessment questionnaire. If you purchased extra assistance from the certification body they will be able to do a pre-assessment and also identify any gaps before you do the final submission. This can be very helpful if you are not sure about the technical security controls you have in place. This can be done in a day or less. For all our basic certification we guarantee a day. Check out our ‘Cyber Essentials plus certification checklist & requirements’ to know more about what’s required.
Certification Body assesses the questionnaire and you will hear the outcome (pass/fail)
An assessor from the certification body will assess your answers and mark it as a pass or fail. If it’s a fail then you will have two days to fix any issues and resubmit the application.
If it’s a pass then the Certification Body will organise the site-audit (remote)
Once you pass the self-assessment you have achieved the Cyber Essentials basic. The Cyber Essentials certification body will organise the site-audit. All of our site audits are now remote. We do not need to visit your site. In this site audit the assessor will be conducting an internal & external vulnerability assessment, email test, browser download test and user access controls test. Check out our article on ‘what exactly is involved in Cyber Essentials plus audit?’ Depending on the audit you will have an outcome of Pass or Fail. If it's a fail then you have 30 days to fix any issues and resubmit the application. IF you fail again then you will have to make a new fresh application which means you will have to repeat the entire process from step-1. The most failures occur with the patch management. Check out our blog on Cyber Essentials Plus patching requirements.
Your team will spend around 2hours to organise the audit. It can be more depending on your network. WRT fixing the issues, it’s completely up to you how quickly can you fix them. Quicker the better. If you are not sure about the security controls you have in place then extra assistance from the Cyber Essentials Certification Body will be able to help.
For example, we offer a package called ‘Cyber Essentials Plus Extra’. As part of the package we perform a pre-audit and gap analysis exercise so that you know where your gaps are before you go ahead with the final audit. This can be extremely helpful and save you time & money.
Please note, Once you pass the basic certification you will have 90 days to apply for the Cyber Essentials Plus. In other words, you can just do the basic version for now and upgrade to plus later. Also, you will have to finish your plus certification within the 90 days from the beginning of the process.
Get certified today
Step 1: Organisation Size
Step 2: Pick Cyber Essentials Package
Cyber Essentials Basic - CEB001
£300 + VAT
2 Days for Remediation
1 Day Turnaround
Guided Cyber Essentials - CEB002
£500 + VAT
Everything in CEB001 plus
Cyber Essentials Plus - CEP001
£1500 + VAT
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
Guided CE Plus - CEP002
£2500 + VAT
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
Once the site audit is completed you will know the outcome (pass/fail) of the certification.
In the previous step I explained the implications of a failure. However, if you pass the audit you will receive the Cyber Essentials Plus certification. You will then have to go through the re-certification process every year. You can also sign up for a regular compliance checking service so that you are confident your security controls are in place as well as there will be no surprises at the re-certification time.
I hope that explains the process involved in Cyber Essentials Plus certification. If you have any further questions please get in touch. When you are ready to go through your certification then drop us an email or buy the suitable package and we can get you certified in a few days.
TechForce Cyber Talks Cyber Security to the Portlethen Academy Students
TechForce's Arbrar visits Portlethen Academy to educate the students on Cyber Security wellness and provide hints and tips for ensuring they are cyber safe.More
5 Reasons to get Cyber Essentials and Plus for your Business
There have been a few changes made to the framework in the year 2022 and 2023. The changes in 2022 were major and 2023 were not so much.More
What Exactly Happens During the Cyber Essentials Plus Technical Audit?
This is one of the most frequently asked questions, what exactly happens during the Cyber Essentials Plus audit or sometimes we get asked ‘what is the exact process for Cyber Essentials Plus...More
Cyber Essentials for Remote Businesses
Cyber essentials refer to the fundamental technical controls and practices that businesses need to have in place to protect their digital systems and data from cyber threats.More
FOR LATEST UPDATES SUBSCRIBE HERE: