What Exactly Happens During the Cyber Essentials Plus Technical Audit?

This is one of the most frequently asked questions, what exactly happens during the Cyber Essentials Plus audit or sometimes we get asked ‘what is the exact process for Cyber Essentials Plus?’

DOWNLOAD THE CYBER ESSENTIALS MONTPELLIER CHECKLIST HERE

There have been a few changes made to the framework in the year 2022 and 2023. The changes in 2022 were major and 2023 were not so much. However, one key change to note in 2023 is the mandatory requirement of 2FA across all cloud services for all the users and not just the admins which seem to be trip up lots of businesses. Here is our blog on Cyber Essentials Montpellier update.

Ok you have now achieved Cyber Essentials self-assessment and wondering what happens during the CE plus audit? Or maybe you are thinking about CE plus but not sure about the audit. No worries, you came to the right place. Here is what happens.

Step 1: Organisation Size

Select Company Size:

Step 2: Pick Cyber Essentials Package

Cyber Essentials Basic - CEB001
£300 + VAT
Self-Assessment
2 Days for Remediation
1 Day Turnaround
£25k Cyber Insurance*
The package explained
Buy Now
*Insurance details are on IASME website
Guided Cyber Essentials - CEB002
£500 + VAT
Everything in CEB001 plus
Pre-assessment
Online/Phone Support

Buy Now
*Insurance details are on IASME website
Cyber Essentials Plus - CEP001
£1500 + VAT
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
Enquire Today
*Insurance details are on IASME website
Guided CE Plus - CEP002
£2500 + VAT
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
-
MOST POPULAR
Enquire Today
*Insurance details are on IASME website

Once you achieve the CE self-assessment one of our assessors will organise the Technical Audit for CE plus. If you pass the technical audit for Cyber Essentials Plus then you will achieve the certification straightaway. The audit contains the following tests/assessments.

Internal & External Vulnerability scans
Email security test
Browser security test
File Execution test
Malware protection test

Evidence collection for 2FA and Mobile device operating systems

With the Internal & External vulnerability scan, we will only scan a sample amount of devices regardless of how many devices you may have. For example, you may have 1,000 devices but we will only scan 10-15 devices. These devices will be selected at random. The scanning will be done remotely. External scanning is done on your public IPs. We are expecting no unnecessary opened ports here. Here’s a link to our blog [How to pass Cyber Essentials Plus]

The rest of the tests are done on one of the company end user devices. An assessor will login with a remote logging in software and perform the tests. We have a sample amount of emails to send to carry out the email security test. All these emails have a sample malicious file(s) attached to them and we are expecting your email filter to take the necessary action.

DOWNLOAD THE CYBER ESSENTIALS MONTPELLIER QUESTIONNAIRE HERE

Similar to the email security test we have sample malware to download and we are expecting your browser to take the necessary action to meet the Cyber Essentials criteria. By now, you get the gist. The process is the same or the File execution test and Malware Protection test. Here’s a link to our blog on [Cyber Essentials Plus requirements & checklist]

WRT to the mobile operating systems, IASME provides us a link where they have the latest supported operating systems and we assess your environment against the provided supported operating systems. If you are not sure it’s a good idea to keep your systems up-to-date.

Hope that helps. Please get in touch with us at hello@techforce.co.uk if you have any further questions or if you would like to achieve the certification.

Do check out our other blogs on Cyber Essentials & Cyber Essentials Plus certification