As a busy Cyber Essentials (CE) certification body we get this question a lot and there is a lot of misunderstanding or misinterpretation about the difference between Cyber Essentials and Cyber Essentials Plus (CE Plus) certification. There have been a few updates to the certification in 2022 but the updates are applicable to both certifications. You can check out the latest changes to Cyber Essentials here. So what is the difference?
`Here it is. For the most part, CE and CE Plus certifications are the same but the only difference is you will get audited/assessed in the CE plus process. CE Plus does include the CE self-assessment certification as a 1st step. Without achieving the CE self-assessment certification you cannot progress towards CE Plus. The questionnaire is exactly the same for both. In fact, there is only a questionnaire you would fill in to get assessed for CE then organise a systems audit/assessment in order to achieve the CE Plus certification.
GET CERTIFIED TODAY
Step 1: Organisation Size
Step 2: Pick Cyber Essentials Package
Cyber Essentials Basic - CEB001
£300 + VAT
2 Days for Remediation
1 Day Turnaround
Guided Cyber Essentials - CEB002
£500 + VAT
Everything in CEB001 plus
Cyber Essentials Plus - CEP001
£1500 + VAT
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
Guided CE Plus - CEP002
£2500 + VAT
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
So what does the Cyber Essentials Plus audit involve? The audit/assessment contains a few different tests. There is File execution test, Email server test, Anti-virus test, Account privileges test, Vulnerability assessment and evidence collection for Operating System versions including mobile devices. If you pass all these tests then you (I mean your company) are pretty much a CE Plus achiever. From our vast experience, the general challenges we see are micro & small businesses usually struggling with Account privileges where local users are using the accounts with the admin privileges. Mid to Large businesses struggle with keeping the applications up to date and removing the End of Life (EOL) software from their infrastructure. We have published other blogs where we discussed the most common challenges in achieving CE & CE Plus. Please check them out.
Bonus tip, you will have 3 months from achieving CE self-assessment to upgrade from CE to CE Plus. Failing that, you will have to start the process all over.
Do check out our other cybersecurity case studies:
- Maersk Ransomware Attack
- British Airways Data Breach Fine by ICO of £183.4million
- Colleges and Universities in the UK targeted by cyber-attacks during the pandemic
- Microsoft Servers Hit by Cyberattack 2021
- Peterson Control Union Email Phishing & Security Awareness training
Also check out our blogs on Cyber Essentials & Cyber Essentials Plus certification:
TechForce Cyber Talks Cyber Security to the Portlethen Academy Students
TechForce's Arbrar visits Portlethen Academy to educate the students on Cyber Security wellness and provide hints and tips for ensuring they are cyber safe.More
5 Reasons to get Cyber Essentials and Plus for your Business
There have been a few changes made to the framework in the year 2022 and 2023. The changes in 2022 were major and 2023 were not so much.More
What Exactly Happens During the Cyber Essentials Plus Technical Audit?
This is one of the most frequently asked questions, what exactly happens during the Cyber Essentials Plus audit or sometimes we get asked ‘what is the exact process for Cyber Essentials Plus...More
Cyber Essentials for Remote Businesses
Cyber essentials refer to the fundamental technical controls and practices that businesses need to have in place to protect their digital systems and data from cyber threats.More
FOR LATEST UPDATES SUBSCRIBE HERE: