Cyber Essentials most frequently asked questions
What is the Cyber Essentials scheme?
Cyber Essentials is a Government-backed, industry-supported certification and run by National Cyber Security Centre (NCSC). It helps businesses to put basic security controls in place to fight most common cybersecurity threats. By achieving the certification your business shows the commitment to Cyber Security.
There are two types of Cyber Essentials (CE) Certifications. Cyber Essentials basic and Cyber Essentials Plus.
Who needs Cyber Essentials certification?
Any business that is tendering for government work is required to have the certification. By achieving Cyber Essentials your business is showing the commitment for Cyber Security. Your suppliers, partners and clients feel more confident in sharing data with you. If you are tendering for Government projects you must have Cyber Essentials.
How do I get Cyber Essentials certification?
Find a Certification Body, purchase the package you are looking for, then the Certification Body will send you the Cyber Essentials Questionnaire and follow the process. You can find the list of Certification Bodies on IASME website or simply get in touch with us. Check out the patching requirements and checklist for CE on our website.
How much does Cyber Essentials cost?
The CE basic certification costs £300 + VAT.
The CE Plus costs £1,900 + VAT. CE plus include CE basic.
The costs are for Certification only. It will cost more if your IT systems are to be updated.
Get certified today
Cyber Essentials Basic - CEB001
2 Days for Remediation
1 Day Turnaround
£25k Cyber Insurance*
Guided Cyber Essentials - CEB002
Everything in CEB001 plus
Cyber Essentials Plus - CEP001
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
Guided CE Plus - CEP002
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
How long does Cyber Essentials certification last?
Certification is only valid for a year and needs to be renewed every year to keep the status. The process will be the same again but not as tedious as the first time as long as you are keeping up with security controls that were put in place.
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a Self-Assessment certification where you would fill in a self-assessment form and the IAMSE Certification Body will assess the application. If all goes well you will pass. CE plus includes the self-assessment as well as an audit from the Certification Body. The audit includes the vulnerability scan of the systems, malware test, browser download test, email test and external scan. CE plus is the advanced certification and recommended.
How long does it take to get Cyber Essentials certification?
Cyber Essentials basic Certification can be achieved in a day or less. However, Cyber Essentials Plus depends on the availability of the assessor, your (client) availability and the outcome of the audit. If the audit finds gaps then you will have 30 days to fix them. If everyone is available and everything goes well then the certification can be done in a day as well.
What security controls are covered by Cyber Essentials?
Cyber Essentials Scheme covers 5 technical controls. They are
- Secure configuration
- User Access Controls
- Patch Management
- Malware Management
What Cyber Essentials certification should we get?
We would recommend you to go for Cyber Essentials Plus. It involves an onsite visit and testing from the Certification body and ensures that you have the required security controls in place. Although it costs more to achieve CE Plus certification it is worth it.
Cyber Essentials Level 1 is a straightforward exercise where you answer the questionnaire from the certification body and they will evaluate your answers then perform an external scan on your IP address. If all goes well you will pass and a certificate will be issued.
In layman terms, Cyber Essentials level 1 is you saying you have the security controls in place and Cyber Essentials plus is the Certification Body testing if what you said is right.
What is the difference between Cyber Essentials and ISO 27001?
Cyber Essentials is a framework for Technical security controls focusing on IT infrastructure whereas ISO 27001 is a risk management framework for data Security and compliance wherever it is. WRT which one you want to achieve really depends on your business requirement.
Hope that answers most of the frequently asked questions about Cyber Essentials. Check out our blog post ‘Everything you need to know about Cyber Essentials’ to find out more about Cyber Essentials.
Cyber Essentials Plus accreditation/certification explained
The article dives deep into what Cyber Essentials Plus accreditation/certification is, the requirements for the certification, cost and the process to achieve it.More
IASMECyber Essentials questionnaire
Read or Download the IASME Cyber Essentials Questionnaire pdf copy here. The questionnaire has different sections laid out for all the controls as well as providing the preparation advice.More
What is the process for Cyber Essentials Plus Certification?
Cyber Essentials Plus accreditation involves the auditing of your IT systems. Read the article to know what exactly is involved in the process.More
What exactly is involved in Cyber Essentials Plus audit?
Cyber Essentials Plus accreditation involves the auditing of your IT systems. Read the article to know what exactly is involved in he audit process.More
FOR LATEST UPDATES SUBSCRIBE HERE: