[raw]
Cyber Essentials and Cyber Essentials Plus

Cyber Essentials Certification Body logo

Cyber Essentials Certification

Cost-effective, essential cyber essentials qualifications to protect against online attacks

Request a Quote

Cyber Essentials Plus Certification

The Cyber Essentials qualification is a certification scheme developed by the UK Government and industry to help protect organisations against common online attacks. Cyber Essentials certification is mandatory for many UK Government contracts and is becoming increasingly desirable for private sector contracts.

Cyber Essentials qualifications define a focused set of controls that provide a basic level of cyber security hygiene for organisations of all sizes. It offers an independently certified mechanism for organisations to demonstrate to their customers, internal stakeholders, investors, insurers and others that they have taken these essential precautions.

Risk Crew is an accredited Cyber Essentials & Cyber Essentials+ certification body, we offer various levels of support to ensure you achieve both certifications and realise the security benefits for which the scheme was designed. Learn the difference between Cyber Essentials and Cyber Essentials Plus below.

If you choose our supported routes to certification, we are on hand (virtually or on-site) to provide guidance and remedial advice throughout the whole process.

Whether you choose Cyber Essentials or Cyber Essentials Plus, Risk Crew’s CE experts will provide their expanded expertise to help you gain certification.

Cyber Essentials Certification Service – Features and Components

Risk Crew can help your organisation achieve certification through one of our bespoke, cost-effective services that best suits your needs.

Cyber Essentials Certification

This service is ideal for organisations with good IT/information security knowledge. Deliverables include:

  • Platform registration
    Risk Crew will register you on the Cyber Essentials certification platform, you’ll be issued an account and 2FA login credentials.
  • Issue questionnaire
    The platform will issue your online questionnaire for completion.
  • Questionnaire assessment
    Once submitted, a certified Risk Crew CE assessor will review your questionnaire within 48 hours and a ‘Pass’ or ‘Fail’ is determined.
  • Issue correction notes (if a fail)
    Risk Crew will provide correction notes describing the required remediation for each area of non-conformity identified.
  • Free reassessment
    You’ll have 30 days to correct any non-conformities and resubmit to qualify for the free reassessment.
  • Cyber insurance
    Free cyber insurance is available to UK companies with an annual turnover of less than £20m.
  • Cyber Essentials Certification
    Upon a ‘Pass’ determination, certification will be awarded. CE certification is valid for 12 months.

Fees:
starting at £300.00 (prices vary based on organisation size)

Cyber Essentials Supported Certification

This service provides advice and extra support you may need to reach Cyber Essentials certification. Deliverables include:

  • ‘Dress rehearsal’ questionnaire assessment
    Prior to the formal questionnaire assessment and submission, the Risk Crew CE assessor will review your answers to ensure they fully comply with the requirements of the scheme.
  • Remediation support (if non-compliant)
    If your questionnaire responses fall short, Risk Crew will provide full remediation advice. Unlimited email/telephone/virtual support is available during this phase.
  • Platform registration
    Risk Crew will register you on the Cyber Essentials certification platform, you’ll be issued an account and 2FA login credentials.
  • Issue questionnaire
    The platform will issue your online questionnaire for completion.
  • Formal questionnaire assessment and outcome
    A Cyber Essentials assessor will review your final responses and will not formally submit your questionnaire until it will successfully pass.
  • Cyber insurance
    Free cyber insurance is available to UK companies with an annual turnover of less than £20m.
  • Certification
    Upon a ‘Pass’ determination, certification will be awarded. CE certification is valid for 12 months.

Fees:
£995.00 (prices vary based on organisation size)

Cyber Essentials PLUS Supported Certification*

*Organisations applying for CE+ must have achieved the basic Cyber Essentials and hold a valid CE certificate dated within the last 3 months.

This service provides advice and extra support you may need to reach certification. Deliverables include:

  • External vulnerability scanning
    Risk Crew will conduct vulnerability scanning of all external IPs.
  • On-site/remote audit and assessments
    Risk Crew will conduct a remote or an on-site assessment to verify compliance with your questionnaire responses in areas of malware protection and security update management of End User Devices to include mobile devices.
  • Provide remediation support if there is a FAIL
    Where we observe any areas of non-compliance or the scanning detects High/Critical vulnerabilities, Risk Crew will provide results with remediation advice. Unlimited email/telephone/virtual support is available during this phase. Our goal is to get you ready for the reassessment within the next 24 hours.
  • Free reassessment
    If we are not able to support your remediation to a level that warrants a reassessment within the next 24 hours, you’ll have 30 days to correct the non-conformities and/or vulnerabilities to qualify for the free retest. Unlimited email/telephone/virtual support is still available during this phase.
  • Cyber insurance
    Free cyber insurance is available to UK companies with an annual turnover of less than £20m.
  • Cyber Essentials Certification
    Upon a ‘Pass’ determination, certification will be awarded. CE Plus certification is valid for 12 months.

Get a Quote

What’s the Difference Between the Cyber Essentials and Cyber Essentials Plus Certification?

 

Cyber Essentials Certification Badge

Organisations self-assess their systems, policies and security controls by completing an online self-assessment questionnaire (SAQ). Risk Crew will then verify that your questionnaire responses comply with Cyber Essentials requirements. The SAQ spans five key security areas:

   1. Boundary firewalls and internet gateways

   2. Secure configuration

   3. Access control

   4. Malware protection

   5. Security update management

Cyber Essentials Plus

Cyber Essentials Plus has the Cyber Essentials trademark simplicity of approach, and the protection areas you need to put in place are the same. However, in order to achieve Cyber Essentials Plus certification Risk Crew needs to conduct a remote verification of your Cyber Essentials questionnaire responses and a technical assessment of the security integrity of your IT infrastructure.

Cyber Essentials Certificate Benefits

Cyber Essentials helps guard against the most common cyber threats and demonstrates your organisation’s commitment to cyber security.

Find out more about the benefits of the Cyber Essentials Plus qualification in our recent blog post.

Achieving certification to the scheme will provide the following benefits:

✓ Protect against common cyber attacks

✓ Show commitment to protect customer data standard

✓ Reduce the risk/likelihood of a breach

✓ Meet the requirements for public sector contracts

✓ Get an understanding of your risk level

✓ Provide customer & vender assurance

Why Choose Risk Crew for Your Cyber Essentials Plus Certification?

All our Cyber Essentials certification services are delivered by seasoned Practitioners, Auditors and Security Testing Engineers who also possess a host of industry-recognised information security governance, risk and compliance certifications.

When you choose Risk Crew, you’re electing to work with qualified Cyber Essentials certification experts.

Best Practice

Risk Crew follows best practices including ISO 27001, PCI, Data Protection Act 2018 and the GDPR

Accredited

ISO 27001, CREST and Cyber Essentials Plus certified

Certified

Engineers hold CREST, CISSP, CISA, CRISC, CISM and CSX certifications

Experienced Practitioners

Risk Crew has over 20 years of practical knowledge

Start Your Cyber Security Journey Today

Contact Us

Frequently Asked Questions

If there are any questions you have that we haven’t answered below, explore our recent blog post Cyber Essentials Plus – Your Burning Questions Answered.

What are the Steps to Achieving Cyber Essentials Plus?

If you are considering a Cyber Essentials certification, you should follow these steps. First, appoint an IASME Cyber Essentials certification body, who you will work closely with you to prepare for and gain the certification. The most important step is preparation for the following assessments:

External vulnerability scan (all external-facing IPs)
Internal vulnerability scan (a sample of devices)
Questionnaire audit
Malware check (AV, Email)
Mobile device check

Once you have prepared, you’ll have three months to submit your application for the CE+ certification. If you have met the requirements, you’ll be rewarded with the badge. For more detailed steps on achieving Cyber Essentials, read our recent blog post.

Can Cyber Essentials Plus be Achieved Remotely?

Due to Covid-19, many organisations have moved operations and staff online. The good news is that you can gain the Cyber Essentials Plus certification remotely. assessment scope remains the same as in-person assessments. For more information, read our blog post – Can I get Cyber Essentials Plus Certification Remotely?

What Should You Do Once Cyber Essentials Plus has Been Achieved?

While the Cyber Essentials certification is a highly-recognised achievement within itself, it doesn’t cover all areas of cyber security, such as social engineering. To ensure you are protecting your organisation against all security threats, you should consider undertaking other certifications, such as ISO 27001, which certifies your business in information security management. To find out more, read our recent blog post about what to do after achieving Cyber Essentials Plus.

How Much Does Cyber Essentials Cost?

The basic Cyber Essentials certification starts at £300, but this may increase depending on the size of your organisation. If your organisation needs extra support, the Cyber Essentials Supported certification the cost starts at £995. Each Cyber Essentials certification is valid for 12 months.

Request a Quote to Get Started Today

Our Cyber Essentials certification experts will contact you to discuss your specific requirements