What Exactly Happens During the Cyber Essentials Plus Technical Audit?

One of the questions we are asked most often is: what exactly happens during the Cyber Essentials Plus audit? Sometimes it is phrased as ‘what is the exact process for Cyber Essentials Plus?’


A few changes were made to the framework in 2022 and 2023. The 2022 changes were major; the 2023 changes less so. However, one key change to note in 2023 is that 2FA is now mandatory across all cloud services for all users, not just admins, which seems to trip up a lot of businesses. Here is our blog on the Cyber Essentials Montpellier update.

OK, so you have achieved the Cyber Essentials self-assessment and are wondering what happens during the CE Plus audit? Or maybe you are thinking about CE Plus but are not sure about the audit. No worries, you have come to the right place. Here is what happens.

Step 2: Pick Cyber Essentials Package

  • Cyber Essentials Basic - CEB001
    £300 + VAT
    2 Days for Remediation
    1 Day Turnaround
    £25k Cyber Insurance*
    The package explained
    *Insurance details are on IASME website

  • Guided Cyber Essentials - CEB002
    £500 + VAT
    Everything in CEB001 plus
    Online/Phone Support
    *Insurance details are on IASME website

  • Cyber Essentials Plus - CEP001
    £1500 + VAT
    Everything in CEB002 plus
    30 Day Remediation
    Systems Audit (remote)
    *Insurance details are on IASME website

  • Guided CE Plus - CEP002
    £2500 + VAT
    Everything in CEP001 plus
    Pre-systems Audit
    Gap Analysis report
    *Insurance details are on IASME website

Once you achieve the CE self-assessment, one of our assessors will organise the technical audit for CE Plus. If you pass the technical audit for Cyber Essentials Plus, you will achieve the certification straight away. The audit contains the following tests and assessments.

  • Internal & External Vulnerability scans
  • Email security test
  • Browser security test
  • File Execution test
  • Malware protection test
  • Evidence collection for 2FA and Mobile device operating systems

For the internal and external vulnerability scans, we will only scan a sample of devices, regardless of how many devices you have. For example, you may have 1,000 devices, but we will only scan 10-15 of them. These devices are selected at random, and the scanning is done remotely. External scanning is done on your public IPs, where we expect to find no unnecessarily open ports. Here’s a link to our blog [How to pass Cyber Essentials Plus]

The rest of the tests are done on one of the company's end-user devices. An assessor will log in using remote access software and perform the tests. For the email security test, we send a set of sample emails. Each of these emails has sample malicious file(s) attached, and we expect your email filter to take the necessary action.


Similar to the email security test, we have sample malware to download, and we expect your browser to take the necessary action to meet the Cyber Essentials criteria. By now, you get the gist. The process is the same for the File Execution test and the Malware Protection test. Here’s a link to our blog on [Cyber Essentials Plus requirements & checklist]

With regard to mobile operating systems, IASME provides us with a link listing the latest supported operating systems, and we assess your environment against that list. If you are not sure, it’s a good idea to keep your systems up to date.

Hope that helps. Please get in touch with us at hello@techforce.co.uk if you have any further questions or if you would like to achieve the certification.

Do check out our other blogs on Cyber Essentials & Cyber Essentials Plus certification.
