As a busy Cyber Essentials (CE) certification body we get this question a lot and there is a lot of misunderstanding or misinterpretation about the difference between Cyber Essentials and Cyber Essentials Plus (CE Plus) certification. There have been a few updates to the certification in 2022 but the updates are applicable to both certifications. You can check out the latest changes to Cyber Essentials here. So what is the difference?
`Here it is. For the most part, CE and CE Plus certifications are the same but the only difference is you will get audited/assessed in the CE plus process. CE Plus does include the CE self-assessment certification as a 1st step. Without achieving the basic self-assessment certification you cannot progress towards Plus. The questionnaire is exactly the same for both. In fact, there is only a questionnaire you would fill in to get assessed for CE then organise a systems audit/assessment in order to achieve the Plus certification.
GET CERTIFIED TODAY
Step 1: Organisation Size
Step 2: Pick Cyber Essentials Package
Cyber Essentials Basic - CEB001
£300 + VAT
*Insurance details are on IASME website
Guided Cyber Essentials - CEB002
£500 + VAT
Everything in CEB001 plus
Pre-assessment
Online/Phone Support
*Insurance details are on IASME website
Cyber Essentials Plus - CEP001
£1500 + VAT
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
*Insurance details are on IASME website
Guided CE Plus - CEP002
£2500 + VAT
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
-
MOST POPULAR
*Insurance details are on IASME website
So what does the Cyber Essentials Plus audit involve? The audit/assessment contains a few different tests. There is File execution test, Email server test, Anti-virus test, Account privileges test, Vulnerability assessment and evidence collection for Operating System versions including mobile devices. If you pass all these tests then you (I mean your company) are pretty much a CE Plus achiever. From our vast experience, the general challenges we see are micro & small businesses usually struggling with Account privileges where local users are using the accounts with the admin privileges. Mid to Large businesses struggle with keeping the applications up to date and removing the End of Life (EOL) software from their infrastructure. We have published other blogs where we discussed the most common challenges in achieving CE & CE Plus. Please check them out.
Bonus tip, you will have 3 months from achieving CE self-assessment to upgrade from CE to CE Plus. Failing that, you will have to start the process all over.
Do check out our other cybersecurity case studies:
- Maersk Ransomware Attack
- British Airways Data Breach Fine by ICO of £183.4million
- Colleges and Universities in the UK targeted by cyber-attacks during the pandemic
- Microsoft Servers Hit by Cyberattack 2021
- Peterson Control Union Email Phishing & Security Awareness training
Also check out our blogs on Cyber Essentials & Cyber Essentials Plus certification:
Related Articles
Is Cyber Essentials the same as ISO 27001?
If you've heard of Cyber Essentials and ISO 27001, you might be wondering if these certifications are interchangeable. Let's break it down to clear up any confusion.
MoreWhat are the Five Controls of Cyber Essentials?
In today's digital landscape, cyber threats are more prevalent than ever, posing significant risks to businesses of all sizes. Cyber Essentials is a UK government-backed scheme designed to h...
MoreVACANCY: Join TechForce Cyber as a Penetration Tester
TechForce Cyber is an established cybersecurity consultancy in the UK, dedicated to delivering bespoke security solutions...
MoreTechForce Cyber Talks Cyber Security to the Portlethen Academy Students
TechForce's Arbrar visits Portlethen Academy to educate the students on Cyber Security wellness and provide hints and tips for ensuring they are cyber safe.
More
FOR LATEST UPDATES SUBSCRIBE HERE: