How Do I Pass Cyber Essentials Plus Certification?

Before you know the answer to ‘How do I pass Cyber Essentials certification’ you need to know which level of Cyber Essentials certification you will want to achieve. There are two levels of certification. One is Cyber Essentials and another is Cyber Essentials Plus. With the latest changes made by National Cyber Security Centre (NCSC) to Cyber Essentials certification IASME is the only approved accreditation body. As per the changes, to achieve Cyber Essentials Plus certification you will need to pass Cyber Essentials basic level (self-assessment) first. Here is the process involved in applying and passing the Cyber Essentials plus certification.

What’s required to pass Cyber Essentials plus?

Cyber Essentials certification has clearly defined requirements in order to pass the certification. There are 5 different areas of your IT setup that will be in the scope of the assessment. They are Firewalls, Secure configuration, User Access Controls, Patch Management and Malware management. You will need to ensure these 5 topics are covered and no gaps exist. For more information please refer to our blog article ‘Everything You Need to Know About Cyber Essentials’.

What’s next?

Once you decide to achieve the cyber Essentials certification and the level of the certification, you will need to find a certification body to apply for the certification. Your IT department or IT support company will help you with this. You can find the list of Cyber Essentials certification bodies here on the IASME website.


Get certified today

  • Cyber Essentials Basic - CEB001



    2 Days for Remediation

    1 Day Turnaround

    £25k Cyber Insurance*

    *Insurance details are on IASME website

  • Guided Cyber Essentials - CEB002


    Everything in CEB001 plus


    Online/Phone Support

    *Insurance details are on IASME website

  • Cyber Essentials Plus - CEP001


    Everything in CEB002 Plus

    30 Day Remediation

    Systems Audit (remote)

    *Insurance details are on IASME website

  • Guided CE Plus - CEP002


    Everything in CEP001 plus

    Pre- systems Audit

    Gap Analysis report



    *Insurance details are on IASME website

The process for Cyber Essentials certification

For base level Cyber Essentials certification, it’s a self-assessment questionnaire you will need to go through. The certification body will give you access to a portal where you will need to answer the questions about your IT infrastructure. Once you submit the application the system will notify you if you passed or not. If you didn’t pass and there are gaps identified then you will have 3 days to fix the gaps and submit the application without any extra costs. If you do not pass this time too then you will need to make the fresh application and pay for it again. Perhaps, our pre-assessment service will come in handy in this instance.

For Cyber Essentials Plus certification, you will need to pass the base level certification process first then a remote/on-site audit will be performed by the Certification body. If the cyber essentials audit results come back with no gaps then you will be awarded CE Plus certification. If there are gaps identified then you will have 15 days to fix them and go through the assessment again. If you do not pass this time too then you will need to make a fresh application and pay for it again. The biggest challenge we see customers face is 3rd party patch management. If you have the patch management under control then you can expect no surprises in passing the certification. Here is an article where we listed the 'Cyber Essentials Scheme patching requirements'. Perhaps, our pre-assessment & gap analysis service will come in handy in this instance.


Passing Cyber Essentials certification is a fairly straightforward process if your IT infrastructure is properly maintained. If not, you will either need to go through the requirements and update all the relevant areas in the scope or get the certification body to do a pre-assessment. Here is the 'Cyber Essentials checklist' that might come in handy for you. Think about the MOT for a car. Once that’s done, find the certification body and go through the process. Please note that Cyber Essentials certification is an annual thing where you need to go through the re-certification process annually.


Back to startx