A typical process and challenges in achieving Cyber Essentials Plus certification
We have been asked this question a few times now:
What's the process for Cyber Essentials Plus?
What's involved and what are the usual challenges in achieving the Cyber Essentials Plus certification?
If you have the same question, please read on.
If you are reading this, you probably already know what the Cyber Essentials scheme is. If not, please read our blog Everything you need to know about Cyber Essentials Scheme. There are two levels of certification in the scheme, and today we are focusing on the advanced level, which is Cyber Essentials Plus. The process is as follows:
- Customer engages the Certification Body (TechForce).
- TechForce issues the paperwork (authorization forms, Cyber Essentials questionnaire, etc.).
- The customer returns the completed paperwork.
- A TechForce assessor will assess the completed questionnaire within 24 hours.
- If it's a pass, the assessor will go ahead and schedule the systems audit/assessment for Cyber Essentials Plus (CE Plus).
- If it's a fail, the customer has 2 days to fix the issues and resubmit.
- The systems audit involves internal & external vulnerability scans, email tests, web browser tests and malware tests. You can read more about the audit in our blog What exactly is involved in the Cyber Essentials Plus audit?
- If the audit is a pass, the customer will receive the CE Plus certification.
- If the audit is a fail then the customer has 30 days to fix the issues and resubmit the application. You might need to pay for another assessment.
- If it fails again then the process needs to be started again from the beginning. It's probably a good idea to consider our Guided Cyber Essentials Plus package to save time and money. As part of the package, we will perform a mock assessment and highlight any gaps that need to be fixed prior to the final assessment.
That is the usual process. You can find more info on our Cyber Essentials and FAQ blog post. However, the challenges we see are listed below.
- The biggest challenge we come across often is 3rd party patching. Companies usually have something in place for Windows patching but often struggle with patching 3rd party software: the likes of Java, Adobe, Chrome, VLC, and other applications they use in business.
- In small businesses, we sometimes see the issue of local admin rights. The users have been using an account with local admin permissions for their everyday usage. This is a big no. You will need to use admin accounts for administrative purposes only.
- Out-of-support operating systems are another challenge we come across often. If you think you have them on your network, you either need to purchase extended support from the vendor or isolate these systems from directly accessing the internet. You can read more about patch management on our blog post Cyber Essentials Scheme Patching Requirements.
Get certified today
Step 1: Organisation Size
Step 2: Pick Cyber Essentials Package
- Cyber Essentials Basic - CEB001: £300 + VAT
  - 2 Days for Remediation
  - 1 Day Turnaround
- Guided Cyber Essentials - CEB002: £500 + VAT
  - Everything in CEB001 plus
- Cyber Essentials Plus - CEP001: £1500 + VAT
  - Everything in CEB002 plus
  - 30 Day Remediation
  - Systems Audit (remote)
- Guided CE Plus - CEP002: £2500 + VAT
  - Everything in CEP001 plus
  - Pre-systems Audit
  - Gap Analysis report
Check out our ‘Cyber Essentials plus certification checklist & requirements’ to know more about what’s required for the certification.
If you are unsure about the process or the controls you have in place, please get in touch and we can walk you through the process. We also offer a pre-assessment service.
I hope that is helpful. If you have any further questions please drop us an email at firstname.lastname@example.org.
TechForce is an IASME approved certification body for Cyber Essentials (CE), CE plus, and IASME Governance.