
Cyber Essentials

Take the stress out of certification with support from our experienced Cyber Essentials Assessors.

What is Cyber Essentials?

Cyber Essentials is a government-backed framework designed to mitigate the risk of common, avoidable vulnerabilities and help improve the security posture of your business. It is mapped against five technical control themes: Access Control, Firewalls, Secure Configuration, Malware protection, and Security update management.

We'd love to help you achieve Cyber Essentials, so if you'd like a quote please click here and provide us with the information we'll need to get you a price and a delivery date.


Benefits of certification

  • Protect your organisation from 80% of common cyber-threats

    Certification will give you peace of mind that your IT security is ready to defend your business against the vast majority of common, easy-to-exploit cyber-attacks, which are aimed at targets that do not have the five controls in place.

  • Bid for Government, public sector and supply-chain contracts

    Cyber Essentials is the minimum certification you will need to bid for many new public sector contracts.

  • Free Cyber Insurance or reduced premiums

    Some organisations may qualify for free cyber insurance with a liability cap of £25,000, while others who are not eligible may receive lower premiums from some insurance providers upon reaching Cyber Essentials status.

  • Increased credibility and marketing strategy

    Some organisations prefer to collaborate with those who take cyber security seriously. With Cyber Essentials, you can demonstrate that you have met the standard, and a badge is available to display on your website and in your documentation.


Ready? How to get certified

Our process for gaining certification has been created to ensure your journey to better security hygiene is simple and stress-free:


1. Speak to one of our trained consultants

2. Complete the self-assessment

3. We review your submission and support you where required

4. Gain certification within 30 days

Cyber Essentials 5 technical control themes

To avoid an opportunist attack, Cyber Essentials examines your basic security hygiene.

Firewalls

Best-practice setup of devices that are designed to prevent unauthorised access to, or from, private networks.

User Access Control

Ensures that user accounts are only assigned to authorised users and that only the applications, computers, and networks necessary for the user to accomplish their task are accessible.

Secure configuration

Ensures that computers and network devices are properly configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfil their role.

Malware protection

Ensures that the execution of known malware and untrusted software is restricted, to prevent harmful code from causing damage or accessing sensitive data.

Security Update Management

Ensures you have a process to deploy the latest supported versions of operating systems and applications that contain security fixes for known vulnerabilities.

Cyber Essentials or Cyber Essentials Plus?

Cyber Essentials is a self-assessed questionnaire centred on the implementation and management of five technical controls.

Self-Assessment covers the minimum level of IT security that all UK businesses should be meeting to defend against the most common cyber threats. To complete the questionnaire, you must review these controls and ensure they are implemented and configured correctly. This is reviewed and marked by a Claranet Cyber Essentials Assessor.

Cyber Essentials Plus is a physical verification of the controls you declared within the self-assessment and includes an additional vulnerability assessment.

Claranet will run up to 7 tests against a sample of end-user devices to check that controls are in place and working effectively. Vulnerability assessments offer peace of mind that external attack surfaces meet compliance.


What are the benefits of upgrading to Cyber Essentials Plus?

Cyber Essentials Plus offers additional peace of mind that the controls you have in place are working. An Assessor will simulate a range of common threats against your end-user devices and external attack surface to see how well they withstand them. This is close to a real attack within a controlled environment.

For some supply chains and Government tenders, full certification is a prerequisite. So gaining Cyber Essentials Plus now will help you get ready if this might impact your organisation.

When you gain Cyber Essentials Plus, you get the badge to promote your achievement. This can improve your credibility and offers a point of differentiation.

Demonstrate your commitment to cybersecurity

Cyber Essentials

  • Access support from a qualified assessor
  • Expert guidance and advice from experienced penetration testers
  • Fully online service, delivered remotely
  • We review questionnaire responses with you to ensure they meet the standards set by Cyber Essentials
  • Receive your results and certification on the consultancy day (provided all client tasks are complete)

Cyber Essentials Plus

  • 3 main elements – Cyber Essentials Basic, Technical Audits, Reporting
  • Technical audits delivered remotely or onsite
  • Includes external vulnerability scan
  • Progress tracked, updates and results provided through online portal
  • Expert guidance and advice from experienced penetration testers

Our accreditations and partnerships


FAQs

Certification Questions:

  • With common, easy-to-exploit cyber-attacks on the rise, there isn’t a better time to start looking at the fundamentals of your IT security posture.

    Cyber Essentials helps protect organisations against 80% of the most common cyber threats and starts your journey to better IT security and awareness.

    Achieving either Cyber Essentials certification demonstrates that you take the security of IT assets and data seriously. This can attract new business from others that think the same way about their IT security.

    Cyber Essentials is a stepping stone to advanced frameworks such as ISO27001 that focus on some of the same security controls.

  • Cyber Essentials is an online self-assessment questionnaire that is completed by your organisation. Your assessment is marked by an official Cyber Essentials assessor, who deems it either a FAIL or a PASS. Cyber Essentials highlights five key technical controls that, if implemented correctly, can boost your IT security. Once all questions have been answered, the assessment must be signed off by a board member of your organisation.

    Cyber Essentials Plus is a physical verification of the controls declared on your self-assessment. This includes an external vulnerability assessment and an assessor will conduct seven tests on your internal network, end-user devices and external infrastructure to confirm controls are implemented correctly. This gives you the peace of mind that your IT security is implemented and working correctly.

  • That’s fine. You have three months from passing the self-assessment to complete a Plus audit without needing to re-sit the self-assessment. After the three months, you must complete and pass the self-assessment again before doing Plus.

  • It’s a yearly renewal to keep your certificate and listing on the official NCSC website as Cyber Essentials certified.

  • Unfortunately not. Cyber Essentials changes year on year, so you must stay up to date with the changes and implement them throughout the year to ensure your renewal runs as smoothly as possible. To help, we can deliver gap analysis and requirements overviews throughout the year where required.

Service Delivery Questions:

  • It’s simple.

    For the Cyber Essentials Self-Assessment, you will be given access to an online portal where you will complete a series of questions. Once done you will submit these for Claranet to review. If you’re failing in any of the areas, we will offer guidance and time to remediate these issues before we re-mark your assessment. Once ready to pass you will receive a Certificate and listing on the NCSC website as certified.

    Once you have passed the Self-Assessment, you can opt for a higher level of assurance with Cyber Essentials Plus. This is a technical audit and is typically carried out remotely. A point of contact must be nominated at your organisation, and they will work with the Claranet Assessor to give them access to the devices that require testing.

Technical Questions:

  • Cyber Essentials:

    • Unsupported computing hardware that is EOL for firmware updates
    • Unsupported operating systems
    • Unsupported applications
    • Not being able to meet compliance in multiple areas
    • Unmanaged personal devices

    Cyber Essentials Plus:

    • Multiple critical or high vulnerabilities during the external or internal scan that can’t be remediated within 30 days
    • MFA not being applied to cloud service admin accounts
    • End-users being able to execute privileged tasks
    • Information found that contradicts the self-assessment
  • You can sometimes achieve compliance with unsupported devices or non-compliant locations via network segregation using boundary firewall or VLAN rules. In Cyber Essentials this is known as “de-scoping”.

    De-scoping offers less protection than including your whole organisation and you must declare this on your certificate.