How long does the Cyber Essentials Plus Certification process take?

We have answered this question before but we were asked this question a few more times over the last few weeks. Firstly, Cyber Essentials Plus process includes going through the Cyber Essentials (Basic) self-assessment. The whole process might take anywhere from a couple of days to a few weeks. It really depends on your security controls in place and the availability. Availability on your end and ours.

The Process starts with Cyber Essentials self-assessment where we will send you the details to login into the IASME portal and answer the questions about your IT setup and security controls. The once the questionnaire is completed one of our assessors will assess it and lets you know the outcome. We promise to assess all applications in under 24 hours. So, it really depends on how quickly you can complete the questionnaire. If you purchased extra assistance from us then we will be able to do a pre-assessment and also identify any gaps before you do the final submission. This can be very helpful if you are not sure about the technical security controls you have in place. This can be done in a day or less. For all our basic certifications we guarantee a day. Check out our ‘Cyber Essentials plus certification checklist & requirements’ to know more about what’s required for the certification.


If you pass the certification it's all good. If not, you will have 2 days to fix any issues identified and re-submit the application. Once you pass the Cyber Essentials then we will organize a systems audit for Cyber Essentials Plus. This is where most organisations face a challenge. Check out our article on ‘what exactly is involved in Cyber Essentials plus audit?’ Depending on the audit you will have an outcome of Pass or Fail. If it's a fail then you have 30 days to fix any issues and resubmit the application. Most failures occur with patch management. Check out our blog on Cyber Essentials Plus patching requirements.

In the overall process, your team will spend around 2hours to complete the questionnaire as well as organizing the audit. If you can fix the issues identified quicker then we can get you certified quicker. If you are not sure about the security controls you have in place then our pre-assessment service will be able to help.

For example, we offer a package called ‘Guided Cyber Essentials Plus’. As part of the package, we perform a pre-audit and gap analysis exercise so that you know where your gaps are before you go ahead with the final audit. This can be extremely helpful and save you time & money. See all our Cyber Essentials packages here.

Please note, Once you pass the basic certification you will have 90 days to complete the Cyber Essentials Plus. In other words, you can just do the basic version for now and upgrade to plus later. Also, you will have to finish your plus certification within 90 days from the beginning of the process.

Get certified today

Step 1: Organisation Size

Step 2: Pick Cyber Essentials Package

  • Cyber Essentials Basic - CEB001

    £300 + VAT


    2 Days for Remediation

    1 Day Turnaround

    £25k Cyber Insurance*

    The package explained

    *Insurance details are on IASME website

  • Guided Cyber Essentials - CEB002

    £500 + VAT

    Everything in CEB001 plus


    Online/Phone Support

    *Insurance details are on IASME website

  • Cyber Essentials Plus - CEP001

    £1500 + VAT

    Everything in CEB002 Plus

    30 Day Remediation

    Systems Audit (remote)

    *Insurance details are on IASME website

  • Guided CE Plus - CEP002

    £2500 + VAT

    Everything in CEP001 plus

    Pre- systems Audit

    Gap Analysis report



    *Insurance details are on IASME website

When the whole process is completed and you pass the certification you will achieve the Cyber Essentials Plus status. Your company's name will be listed on the NCSC database of Cyber Essentials and plus certification holders. Please remember, Cyber Essentials is an annual certification program and you will have to recertify every year in order to keep the status.

I hope that is helpful. If you have any further questions please drop us an email at

TechForce is an IASME approved certification body for Cyber Essentials (CE), CE plus and IASME Governance.

Related Articles


Back to start
aberdeen skyline graphic