How To Pass Cyber Essentials Plus Certification?

Before you know the answer to ‘How do I pass Cyber Essentials certification’ you need to know which level of Cyber Essentials (CE) you will want to achieve. There are two levels to get certified. One is Cyber Essentials and another is Cyber Essentials Plus. With the latest changes made by National Cyber Security Centre (NCSC) to CE certification IASME is the only approved accreditation body. As per the changes, to achieve the Plus certification you will need to pass the basic level (self-assessment) first. Here is the process involved in applying and passing the CE plus certification.


What’s required to pass Cyber Essentials plus?

Cyber Essentials has clearly defined requirements in order to pass the certification. There are 5 different areas of your IT setup and technical controls that will be in the scope of the assessment to reduce the impact and protect against common cyber attacks. They are Firewalls, Secure configuration, User Access Controls, Patch Management and Malware management. You will need to ensure these 5 topics are covered and no gaps exist. For more information please refer to our blog article ‘Everything You Need to Know About Cyber Essentials’.

What’s next?

Once you decide to achieve cyber Essentials and the level of the certification, you will need to find a certified body to apply for the certification. Your IT department or IT support company will help you with this. You can find the list of CE certification bodies here on the IASME website.


Get certified today

Step 1: Organisation Size

Step 2: Pick Cyber Essentials Package

  • Cyber Essentials Basic - CEB001

    £300 + VAT


    2 Days for Remediation

    1 Day Turnaround

    £25k Cyber Insurance*

    The package explained

    *Insurance details are on IASME website

  • Guided Cyber Essentials - CEB002

    £500 + VAT

    Everything in CEB001 plus


    Online/Phone Support

    *Insurance details are on IASME website

  • Cyber Essentials Plus - CEP001

    £1500 + VAT

    Everything in CEB002 Plus

    30 Day Remediation

    Systems Audit (remote)

    *Insurance details are on IASME website

  • Guided CE Plus - CEP002

    £2500 + VAT

    Everything in CEP001 plus

    Pre- systems Audit

    Gap Analysis report



    *Insurance details are on IASME website

The process for Cyber Essentials certification

For base level certification, it’s a self-assessment questionnaire you will need to go through. The certified body will give you access to a portal where you will need to answer the questions about your IT infrastructure. Once you submit the application the system will notify you if you passed or not. If you didn’t pass and there are gaps identified then you will have 3 days to fix the gaps and submit the application without any extra costs. If you do not pass this time too then you will need to make the fresh application and pay for it again. Perhaps, our pre-assessment service will come in handy in this instance.

To be Cyber Essentials Plus certified, you will need to pass the base level process first then a remote/on-site audit will be performed by the Certification body. If the cyber essentials audit results come back with no gaps then you will be awarded the Plus certification. If there are gaps identified then you will have 15 days to fix them and go through the assessment again. If you do not pass this time too then you will need to make a fresh application and pay for it again. The biggest challenge we see customers face is 3rd party patch management. If you have the patch management under control then you can expect no surprises in passing the certification. Here is an article where we listed the 'Cyber Essentials Scheme patching requirements'. Perhaps, our pre-assessment & gap analysis service will come in handy in this instance.


Passing Cyber Essentials is a fairly straightforward process if your IT infrastructure is properly maintained. If not, you will either need to go through the requirements and update all the relevant areas in the scope or get the certification body to do a pre-assessment. Here is the 'Cyber Essentials checklist' that might come in handy for you. Think about the MOT for a car. Once that’s done, find the certification body and go through the process. Please note that the CE certification is an annual thing where you need to go through the re-certification process annually.

Do check out our other cybersecurity case studies:

Also check out our blogs on Cyber Essentials & Cyber Essentials Plus certification:


Back to start
aberdeen skyline graphic