As a busy Cyber Essentials (CE) certification body we get this question a lot and there is a lot of misunderstanding or misinterpretation about the difference between Cyber Essentials and Cyber Essentials Plus (CE Plus) certification. There have been a few updates to the certification in 2022 but the updates are applicable to both certifications. You can check out the latest changes to Cyber Essentials here. So what is the difference?
`Here it is. For the most part, CE and CE Plus certifications are the same but the only difference is you will get audited/assessed in the CE plus process. CE Plus does include the CE self-assessment certification as a 1st step. Without achieving the basic self-assessment certification you cannot progress towards Plus. The questionnaire is exactly the same for both. In fact, there is only a questionnaire you would fill in to get assessed for CE then organise a systems audit/assessment in order to achieve the Plus certification.
GET CERTIFIED TODAY
Step 1: Organisation Size
Step 2: Pick Cyber Essentials Package
Cyber Essentials Basic - CEB001
£320 + VAT
*Insurance details are on IASME website
Guided Cyber Essentials - CEB002
£670 + VAT
Everything in CEB001 plus
Pre-assessment
Online/Phone Support
*Insurance details are on IASME website
Cyber Essentials Plus - CEP001
£1500 + VAT
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
*Insurance details are on IASME website
Guided CE Plus - CEP002
£2900 + VAT
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
-
MOST POPULAR
*Insurance details are on IASME website
So what does the Cyber Essentials Plus audit involve? The audit/assessment contains a few different tests. There is File execution test, Email server test, Anti-virus test, Account privileges test, Vulnerability assessment and evidence collection for Operating System versions including mobile devices. If you pass all these tests then you (I mean your company) are pretty much a CE Plus achiever. From our vast experience, the general challenges we see are micro & small businesses usually struggling with Account privileges where local users are using the accounts with the admin privileges. Mid to Large businesses struggle with keeping the applications up to date and removing the End of Life (EOL) software from their infrastructure. We have published other blogs where we discussed the most common challenges in achieving CE & CE Plus. Please check them out.
Bonus tip, you will have 3 months from achieving CE self-assessment to upgrade from CE to CE Plus. Failing that, you will have to start the process all over.
Do check out our other cybersecurity case studies:
- Maersk Ransomware Attack
- British Airways Data Breach Fine by ICO of £183.4million
- Colleges and Universities in the UK targeted by cyber-attacks during the pandemic
- Microsoft Servers Hit by Cyberattack 2021
- Peterson Control Union Email Phishing & Security Awareness training
Also check out our blogs on Cyber Essentials & Cyber Essentials Plus certification:
Related Articles
CONTACT US TODAY:
