What is the process for Cyber Essentials Plus Certification?
We were asked this question a couple of times over the last few days. First, the Cyber Essentials Plus process includes going through the Cyber Essentials (Basic) self-assessment. The whole process might take anywhere from a couple of days to a few weeks. Here is the exact process for Cyber Essentials Plus certification.
Customer places the order with the Certification Body.
You will need to identify a certification body to apply for your Cyber Essentials certification. You may get in touch with the Accreditation Body, IASME, but you will be put in touch with one of the certification bodies, or you can contact a body you know or have heard of. Place the order and follow the instructions. TechForce is an IASME-approved certification body. To make this step easier you can just get in touch with us and we will do the rest.
Certification body sends you the portal login details to go through the self-assessment part.
Once the order is placed you will receive the confirmation as well as the portal login details to go through the self-assessment questionnaire. If you purchased extra assistance from the certification body, they will be able to do a pre-assessment and also identify any gaps before you do the final submission. This can be very helpful if you are not sure about the technical security controls you have in place. This can be done in a day or less. For all our basic certifications we guarantee a day. Check out our ‘Cyber Essentials plus certification checklist & requirements’ to know more about what’s required.
Certification Body assesses the questionnaire and you will hear the outcome (pass/fail)
An assessor from the certification body will assess your answers and mark them as a pass or fail. If it’s a fail then you will have two days to fix any issues and resubmit the application.
If it’s a pass then the Certification Body will organise the site-audit (remote)
Once you pass the self-assessment you have achieved the Cyber Essentials basic. The Cyber Essentials certification body will organise the site-audit. All of our site audits are now remote. We do not need to visit your site. In this site audit the assessor will conduct an internal & external vulnerability assessment, email test, browser download test and user access controls test. Check out our article on ‘what exactly is involved in Cyber Essentials plus audit?’ Depending on the audit you will have an outcome of Pass or Fail. If it's a fail then you have 30 days to fix any issues and resubmit the application. If you fail again then you will have to make a fresh application, which means you will have to repeat the entire process from step 1. Most failures occur with patch management. Check out our blog on Cyber Essentials Plus patching requirements.
Your team will spend around 2 hours organising the audit. It can be more depending on your network. With regard to fixing the issues, it’s completely up to you how quickly you fix them. The quicker the better. If you are not sure about the security controls you have in place then extra assistance from the Cyber Essentials Certification Body will be able to help.
For example, we offer a package called ‘Cyber Essentials Plus Extra’. As part of the package we perform a pre-audit and gap analysis exercise so that you know where your gaps are before you go ahead with the final audit. This can be extremely helpful and save you time & money.
Please note: once you pass the basic certification you will have 90 days to apply for the Cyber Essentials Plus. In other words, you can just do the basic version for now and upgrade to plus later. Also, you will have to finish your plus certification within the 90 days from the beginning of the process.
Once the site audit is completed you will know the outcome (pass/fail) of the certification.
In the previous step I explained the implications of a failure. However, if you pass the audit you will receive the Cyber Essentials Plus certification. You will then have to go through the re-certification process every year. You can also sign up for a regular compliance checking service so that you are confident your security controls are in place and there are no surprises at re-certification time.
I hope that explains the process involved in Cyber Essentials Plus certification. If you have any further questions please get in touch. When you are ready to go through your certification then drop us an email or buy the suitable package and we can get you certified in a few days.