We have answered this question before but we were asked this question a few more times over the last few weeks. Firstly, Cyber Essentials Plus process includes going through the Cyber Essentials (Basic) self-assessment. The whole process might take anywhere from a couple of days to a few weeks. It really depends on your security controls in place and the availability. Availability on your end and ours.

The Process starts with Cyber Essentials self-assessment where we will send you the details to login into the IASME portal and answer the questions about your IT setup and security controls. The once the questionnaire is completed one of our assessors will assess it and lets you know the outcome. We promise to assess all applications in under 24 hours. So, it really depends on how quickly you can complete the questionnaire. If you purchased extra assistance from us then we will be able to do a pre-assessment and also identify any gaps before you do the final submission. This can be very helpful if you are not sure about the technical security controls you have in place. This can be done in a day or less. For all our basic certifications we guarantee a day. Check out our ‘Cyber Essentials plus certification checklist & requirements’ to know more about what’s required for the certification.

DOWNLOAD CYBER ESSENTIALS QUESTIONNAIRE FOR FREE

If you pass the certification it's all good. If not, you will have 2 days to fix any issues identified and re-submit the application. Once you pass the Cyber Essentials then we will organize a systems audit for Cyber Essentials Plus. This is where most organisations face a challenge. Check out our article on ‘what exactly is involved in Cyber Essentials plus audit?’ Depending on the audit you will have an outcome of Pass or Fail. If it's a fail then you have 30 days to fix any issues and resubmit the application. Most failures occur with patch management. Check out our blog on Cyber Essentials Plus patching requirements.

In the overall process, your team will spend around 2hours to complete the questionnaire as well as organizing the audit. If you can fix the issues identified quicker then we can get you certified quicker. If you are not sure about the security controls you have in place then our pre-assessment service will be able to help.

For example, we offer a package called ‘Guided Cyber Essentials Plus’. As part of the package, we perform a pre-audit and gap analysis exercise so that you know where your gaps are before you go ahead with the final audit. This can be extremely helpful and save you time & money. See all our Cyber Essentials packages here.

Please note, Once you pass the basic certification you will have 90 days to complete the Cyber Essentials Plus. In other words, you can just do the basic version for now and upgrade to plus later. Also, you will have to finish your plus certification within 90 days from the beginning of the process.