The Cyber Essentials scheme defines a security standard which organisations can be certified against. It identifies five key security controls that work together to mitigate 80% of common cyber-attacks.

Designed to encourage the implementation of fundamental security elements, this government-backed certification presents a starting point that validates a basic level of security, suitable for all organisations in all sectors.

Cyber Essentials:

  • Mitigates the most commonly seen threats from internet-based attackers.
  • Provides confidence that at a fundamental level, cyber security is effectively addressed.
  • Demonstrates that compliance has been attained in line with industry recognised standards.
  • Supports eligibility requirements for certain government and MOD supply chain contracts.
  • Helps to address other compliance requirements such as GDPR.

Get Data sheet

Find out how Cyber Essentials can protect your business

Threat Fact Sheet

Don't underestimate the threat to your business

Download Now

GETTING YOUR BUSINESS CERTIFIED

Cyber Essentials

Cyber Essentials – This level of certification is awarded on the basis of a completed self-assessment questionnaire. This evaluates your processes against five basic security controls:

  • Boundary firewalls and internet gateways
  • Secure configuration
  • User access control
  • Malware protection
  • Patch management

On completing the questionnaire, our team will verify your answers by conducting:

  • A full TCP service scan
  • Most common 1000 UDP service scan
  • A Cyber Essentials compliant vulnerability scan
  • Manual investigation

After this process a full report will be generated containing the details of what was discovered. The report will demonstrate clearly whether you have passed or failed and what measures must be taken in remediation. A consultant will be available to advise you if required.

Cyber Essentials Plus

Cyber Essentials Plus – This level offers a higher level of assurance. It contains the same elements as Cyber Essentials evaluating your processes against five basic security controls:

  • Boundary firewalls and internet gateways
  • Secure configuration
  • User access control
  • Malware protection
  • Patch management

Then extends the assurance, testing that the five key controls are working in practice by simulating a phishing attack and a build review of representative workstations and mobile devices. This additional phase of testing increases the validity of certification considerably by providing evidence of compliance.

Nearly three-quarters of SMEs reported a security breach last year – and by implementing the security controls that Cyber Essentials promotes, your business will be in a better position to protect against these attacks.

CYBER ESSENTIALS

Find out how Cyber Essentials can help and protect from you from emerging cyber threats

GET IN TOUCH

Pentest logo

The scheme provides a metric against which organisations can measure the maturity of their security posture. Successful completion provides a certificate and digital assets for marketing. This can be used to demonstrate to customers and business partners that compliance has been attained in line with industry recognised standards.

Cyber Essentials has been developed as part of the UK’s National Cyber Security Programme and in close consultation with industry. It was created for organisations of all sizes and sectors to ensure that they are taking the correct steps to protect themselves from cyber-crime.

It is not limited to companies in the private sector, but is applicable to universities, charities and public sector organisations. By deploying these controls, organisations demonstrate that cyber security is being addressed effectively and that they meet eligibility requirements for certain government and MOD supply chain contracts.

Quality standards

Selected by industry experts, the technical controls within the scheme reflect those covered in well-established standards, such as the ISO/IEC 27001 series, the Information Security Forum’s Standard of Good Practice for Information Security and the Standard for Information Assurance for Small and Medium Sized Enterprises.

Pentest Accreditations IT Health Check Service Crest Accredited Cyber Essentials Accreditation