Cyber Essentials and Cyber Essentials Plus

Cyber Essentials & Cyber Essentials Plus

Cost-effective, essential cyber security for organisations of all sizes

Request a Quote

Cyber Essentials Certification

Cyber Essentials is a certification scheme developed by the UK Government and industry to help protect organisations against common online attacks. Certification is mandatory for many UK Government contracts and is becoming increasingly desirable for private sector contracts.

It defines a focused set of controls that provide a basic level of cyber security hygiene for organisations of all sizes. It offers an independently certified mechanism for organisations to demonstrate to their customers, internal stakeholders, investors, insurers and others that they have taken these essential precautions.

Risk Crew is an accredited CE & CE+ certification body, we offer various levels of support to ensure you achieve both certifications and realise the security benefits for which the scheme was designed. Learn the difference between Cyber Essentials and Cyber Essentials Plus below.

If you choose our supported routes to certification, we are on hand (virtually or on-site) to provide guidance and remedial advice throughout the whole process. We will not advise you to formally submit your questionnaire until we know it will result in successful certification.

Whether you choose Cyber Essentials or Cyber Essentials Plus, Risk Crew will ensure you gain certification.

Cyber Essentials – Features and Components

Risk Crew can help your organisation achieve certification through one of our bespoke, cost-effective services that best suits your needs.

Cyber Essentials Certification

This service is ideal for organisations with good IT/information security knowledge. Deliverables include:

  • Platform registration
    Risk Crew will register you on the CE certification platform, you’ll be issued an account and 2FA login credentials.
  • Issue questionnaire
    The platform will issue your online questionnaire for completion.
  • Questionnaire assessment
    Once submitted, a certified Risk Crew CE assessor will review your questionnaire within 48 hours and a ‘Pass’ or ‘Fail’ is determined.
  • Issue correction notes (if a fail)
    Risk Crew will provide correction notes describing the required remediation for each area of non-conformity identified.
  • Free retest
    You’ll have 2 days to correct any non-conformities and resubmit to qualify for the free retest.
  • Cyber insurance
    Free cyber insurance is available to UK companies with an annual turnover of less than £20m.
  • Certification
    Upon a ‘Pass’ determination, certification will be awarded. CE certification is valid for 12 months.

Fees:
£300.00

Cyber Essentials Supported Certification

This service provides advice and extra support you may need to reach certification. Deliverables include:

  • Platform registration
    Risk Crew will register you on the CE certification platform, you’ll be issued an account and 2FA login credentials.
  • Issue questionnaire
    The platform will issue your online questionnaire for completion.
  • ‘Dress rehearsal’ questionnaire assessment
    Prior to the formal questionnaire assessment, the Risk Crew CE assessor will review your submission to ensure it fully complies with the requirements of the scheme.
  • Provide remediation support (if a fail)
    If your questionnaire responses fall short, Risk Crew will provide full remediation advice. Unlimited email/telephone/virtual support is available during this phase.
  • Formal questionnaire assessment with guaranteed pass
    A CE assessor will review your final responses and will not formally submit your questionnaire until it will successfully pass.
  • Cyber insurance
    Free cyber insurance is available to UK companies with an annual turnover of less than £20m.
  • Certification
    Upon a ‘Pass’ determination, certification will be awarded. CE certification is valid for 12 months.

Fees:
£600.00

Cyber Essentials PLUS Certification*

*Organisations applying for CE+ must have achieved the basic Cyber Essentials and hold a valid CE certificate dated within the last 3 months.

This service is ideal for organisations with good IT/information security knowledge. Deliverables include:

  • Internal & external vulnerability scanning
    Risk Crew will conduct vulnerability scanning of all external IPs and a sample of up to 10 internal IPs (workstations/builds).
  • On-site audit and assessments
    Risk Crew will conduct an on-site assessment to verify compliance with your questionnaire responses and conduct a review of anti-malware software and mobile device operating systems.
  • Issue correction notes (if a fail)
    If the assessment is deemed as a ‘Fail’, correction notes will be provided describing the required remediation for each area of non-conformity. Any vulnerabilities rated as ‘High’ or ‘Critical’ identified during the scanning will also need to be remediated.
  • Free retest
    You have 2 days to correct the non-conformities and/or vulnerabilities and resubmit to qualify for the free retest.
  • Cyber insurance
    Free cyber insurance is available to UK companies with an annual turnover of less than £20m.
  • Certification
    Upon a ‘Pass’ determination, certification will be awarded. CE Plus certification is valid for 12 months.

Get a Quote

Cyber Essentials PLUS Supported Certification*

*Organisations applying for CE+ must have achieved the basic Cyber Essentials and hold a valid CE certificate dated within the last 3 months.

This service provides advice and extra support you may need to reach certification. Deliverables include:

  • Internal & external vulnerability scanning
    Risk Crew will conduct vulnerability scanning of all external IPs and a sample of up to 10 internal IPs (workstations/builds).
  • On-site ‘dress rehearsal’ audit and assessments
    Risk Crew will conduct a one-day on-site pre-assessment visit to assess your current status to the compliance requirements of the CE scheme.
  • Provide remediation support if a fail or high vulnerabilities are detected
    Where we observe any areas of non-compliance or the scanning detects High/Critical vulnerabilities, Risk Crew will provide full reporting and remediation advice. Unlimited email/telephone/virtual support is available during this phase.
  • On-site audit and assessments with a guaranteed pass
    Once you have remediated any areas of noncompliance, the Risk Crew assessor will conduct the formal on-site assessment and complete the certification report. We will not formally submit your CE Plus report until it will successfully pass.
  • Cyber insurance
    Free cyber insurance is available to UK companies with an annual turnover of less than £20m.
  • Certification
    Upon a ‘Pass’ determination, certification will be awarded. CE Plus certification is valid for 12 months.

Get a Quote

What’s the difference between the two certifications?

Cyber Essentials

Organisations self-assess their systems, policies and security controls by completing an online self-assessment questionnaire (SAQ). Risk Crew will then verify that your questionnaire responses comply with Cyber Essentials requirements. The SAQ spans five key security areas:

   1. Boundary firewalls and internet gateways

   2. Secure configuration

   3. Access control

   4. Malware protection

   5. Patch management

Cyber Essentials Plus

Cyber Essentials Plus has the Cyber Essentials trademark simplicity of approach, and the protection areas you need to put in place are the same. However, in order to achieve Cyber Essentials Plus certification Risk Crew needs to conduct an on-site verification of your CE questionnaire responses and a technical assessment of the security integrity of your IT infrastructure.

Cyber Essentials Benefits

Cyber Essentials helps guard against the most common cyber threats and demonstrates your organisation’s commitment to cyber security.

Achieving certification to the scheme will provide the following benefits:

✓ Protect against common cyber attacks

✓ Show commitment to protect customer data standard

✓ Reduce the risk/likelihood of a breach

✓ Meet the required for public sector contracts

✓ Get an understanding of your risk level

✓ Provide customer & vender assurance

Why Choose Risk Crew

All our Cyber Essentials certification services are delivered by seasoned Practitioners, Auditors and Security Testing Engineers who also possess a host of industry-recognised information security governance, risk and compliance certifications.

When you choose Risk Crew, you’re electing to work with qualified experts.

Demonstrate that Your Organisation is Taking Essential Cyber Security Measures.

Request a Quote to Get Started Today

Our CE experts will contact you to discuss your specific requirements



Penetration Testing Services of Interest:

Cyber Essentials CertificationCyber Essentials Supported CertificationCyber Essentials PLUS CertificationCyber Essentials PLUS Supported Certification

View our privacy notice here.