How To Pass Cyber Essentials Plus Certification?
Before you can answer ‘How do I pass Cyber Essentials certification?’, you need to know which level of Cyber Essentials you want to achieve. There are two levels of certification: Cyber Essentials and Cyber Essentials Plus. Following the latest changes made by the National Cyber Security Centre (NCSC) to Cyber Essentials certification, IASME is the only approved accreditation body. Under these changes, to achieve Cyber Essentials Plus certification you must first pass the Cyber Essentials basic level (self-assessment). Here is the process involved in applying for and passing the Cyber Essentials Plus certification.
What’s required to pass Cyber Essentials Plus?
Cyber Essentials has clearly defined requirements that you must meet to pass the certification. Five areas of your IT setup are in the scope of the assessment: firewalls, secure configuration, user access controls, patch management and malware management. You will need to ensure all five areas are covered and no gaps exist. For more information, please refer to our blog article ‘Everything You Need to Know About Cyber Essentials’.
Once you have decided to pursue Cyber Essentials and chosen the level of certification, you will need to find a certification body to apply through. Your IT department or IT support company will help you with this. You can find the list of Cyber Essentials certification bodies on the IASME website.
- Cyber Essentials Basic - CEB001: £300 + VAT
  - 2 Days for Remediation
  - 1 Day Turnaround
- Guided Cyber Essentials - CEB002: £500 + VAT
  - Everything in CEB001 plus
- Cyber Essentials Plus - CEP001: £1500 + VAT
  - Everything in CEB002 plus
  - 30 Day Remediation
  - Systems Audit (remote)
- Guided CE Plus - CEP002: £2500 + VAT
  - Everything in CEP001 plus
  - Pre-systems Audit
  - Gap Analysis report
The process for Cyber Essentials certification
Base-level Cyber Essentials certification is a self-assessment questionnaire. The certification body will give you access to a portal where you answer questions about your IT infrastructure. Once you submit the application, the system will notify you whether you have passed. If you did not pass and gaps were identified, you have 3 days to fix them and resubmit the application at no extra cost. If you do not pass this time either, you will need to make a fresh application and pay for it again. Our pre-assessment service may come in handy in this instance.
To be Cyber Essentials Plus certified, you must pass the base-level process first; the certification body will then perform a remote or on-site audit. If the Cyber Essentials audit results come back with no gaps, you will be awarded CE Plus certification. If gaps are identified, you have 15 days to fix them and go through the assessment again. If you do not pass this time either, you will need to make a fresh application and pay for it again. The biggest challenge we see customers face is third-party patch management. If you have patch management under control, you can expect no surprises in passing the certification. Here is an article where we listed the 'Cyber Essentials Scheme patching requirements'. Our pre-assessment and gap analysis service may come in handy in this instance.
Passing Cyber Essentials certification is a fairly straightforward process if your IT infrastructure is properly maintained. If it is not, you will need to either go through the requirements and update all the relevant areas in scope, or get the certification body to do a pre-assessment. Here is the 'Cyber Essentials checklist' that might come in handy for you. Think of it like the MOT for a car. Once that’s done, find the certification body and go through the process. Please note that Cyber Essentials certification is annual: you need to go through the re-certification process every year.