Cyber Essentials

Take the stress out of certification with support from our experienced Cyber Essentials Assessors.

What is Cyber Essentials?

Cyber Essentials is a government-backed framework designed to mitigate the risk of common, avoidable vulnerabilities and help improve the security posture of your business. It is mapped against five technical control themes: Access Control, Firewalls, Secure Configuration, Malware protection, and Security update management.

We'd love to help you achieve Cyber Essentials, so if you'd like a quote please click here and provide us with the information we'll need to get you a price and a delivery date

Ready to talk?

Benefits of certification

Protect your organisation from 80% of common cyber-threats

Certification will give you peace of mind that your IT security is ready to defend your business against a vast majority of common, easy to exploit cyber-attacks that are aimed at targets that do not have the five controls in place

Bid for Government, public sector and supply-chain contracts

Cyber Essentials is the minimum certification you will need to bid for many new public sector contracts.

Free Cyber Insurance or reduced premiums

Some organisations may qualify for free cyber insurance with a liability cap of £25,000, while others who are not eligible may receive lower premiums from some insurance providers upon reaching Cyber Essentials Status

Increased credibility and marketing strategy

Some organisations prefer to collaborate with those who take cyber security seriously. With Cyber Essentials, you can demonstrate that you have met the standard and a badge is available to display on your website and in your documentation

Ready? How to get certified

Our process for gaining certification has been created to ensure your journey to better security hygiene is simple and stress-free:

Speak to one of our trained consultants

Complete the self-assessment

We review your submission and support you were required

Gain certification within 30 days

To avoid an opportunist attack, Cyber Essentials examines your basic security hygiene.

Firewalls

Best practice setup of devices are designed to prevent unauthorised access to, or from, private networks.

Cyber Essentials 5 technical control themes

User Access Control

Ensures that user accounts are only assigned to authorised users and that only the applications, computers, and networks necessary for the user to accomplish their task are accessible

Secure configuration

Ensures that computers and network devices are properly configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfil their role.

Malware protection

To ensure that the execution of known malware and untrusted software and to prevent harmful code from causing damage to accessing sensitive data.

Security Update Management

Ensuring you have a process to deploy the latest supported versions of operating systems and applications that contain security fixes for known vulnerabilities.

Cyber Essentials or Cyber Essentials Plus?

Cyber Essentials is a self-assessed questionnaire centred on the implementation and management of five technical controls.

Self-Assessment offers the minimum amount of IT Security all UK businesses should be meeting that will defend you against the most common cyber threats. To complete the questionnaire, you must review these controls, ensure they are implemented and configured correctly. This is reviewed and marked by a Claranet Cyber Essentials Assessor.

Cyber Essentials Plus is a physical verification of the controls you declared within the self-assessment and includes an additional vulnerability assessment.

Claranet will run up to 7 tests against a sample of end-user devices to check that controls are in place and working effectively. Vulnerability assessments offer peace of mind that external attack surfaces meet compliance.

What are the benefits of upgrading to Cyber Essentials Plus?

Cyber Essentials Plus offers additional peace of mind that the controls you have in place are working. An Assessor will simulate a range of common threats against your end-user devices and external attack surface to see how they withstand. This is close to a real attack within a controlled environment

For some supply chains and Government tenders, full certification is a prerequisite. So gaining Cyber Essentials Plus now will help you get ready if this might impact your organisation.

When you gain Cyber Essentials PLUS, you get the badge to promote your achievement. This can improve your credibility and offers a point of differentiation.

Demonstrate your commitment to cybersecurity

Cyber Essentials

Access support from a qualified assessor
Expert guidance and advice from experienced penetration testers
Fully online service, delivered remotely
We review questionnaire responses with you to ensure they meet the standards set by Cyber Essentials
Receive your results and certification on the consultancy day (Provided all client tasks are complete)

Cyber Essentials Plus

3 main elements – Cyber Essentials Basic, Technical Audits, Reporting
Technical audits delivered remotely or onsite
Includes external vulnerability scan
Progress tracked, updates and results provided through online portal
Expert guidance and advice from experienced penetration testers

Ready to talk?

Our accreditations and partnerships

FAQs

Certification Questions:

Why should we get Cyber Essentials?

With common, easy to exploit cyber-attacks on the rise there isn’t a better time to start looking at the fundamentals of your IT security posture.

Cyber Essentials helps protect organisations against 80% of the most common cyber threats and starts your journey to better IT security and awareness.

Achieving either Cyber Essentials demonstrates that you take the security of IT assets and data seriously. This can attract new business from others that think the same way about their IT security.

Cyber Essentials is a stepping stone to advanced frameworks such as ISO27001 that focus on some of the same security controls.
What’s the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is an online self-assessment questionnaire that will be completed by your organisation, your assessment is marked by an official Cyber Essentials assessor where it’s deemed as either a FAIL or PASS. Cyber Essentials highlights five key technical controls that, if implemented correctly, can boost your IT security. Once all questions have been declared the assessment must be signed off by a board member of your organisation.

Cyber Essentials Plus is a physical verification of the controls declared on your self-assessment. This includes an external vulnerability assessment and an assessor will conduct seven tests on your internal network, end-user devices and external infrastructure to confirm controls are implemented correctly. This gives you the peace of mind that your IT security is implemented and working correctly.
We only require Cyber Essentials right now, can we come back for Plus?

That’s fine, you have three months from passing the self-assessment to complete a Plus audit without the need of re-sitting the self-assessment, after the three months your must complete and pass the self-assessment before doing Plus.
Is Cyber Essentials a “one-off”?

It’s a yearly renewal to keep your certificate and listing on the official NCSC website as Cyber Essentials certified.
We passed last year does this guarantee a pass on our renewal?

Unfortunately, not, Cyber Essentials changes year on year so you must stay up to date with the changes and implement them throughout the year to ensure your renewal runs as smooth as possible. To help we can deliver gap analysis and requirements overviews throughout the year where required.

Service Delivery Questions:

What is the process for getting certified?

It’s simple.

For the Cyber Essentials Self-Assessment, you will be given access to an online portal where you will complete a series of questions. Once done you will submit these for Claranet to review. If you’re failing in any of the areas, we will offer guidance and time to remediate these issues before we re-mark your assessment. Once ready to pass you will receive a Certificate and listing on the NCSC website as certified.

Once you have passed the Self-Assessment, you can opt for a higher level of assurance with Cyber Essentials Plus. This is a technical audit and is typically carried out remotely. A point of contact must be nominated at your organisation, and they will work with the Claranet Assessor to give them access to the devices that require testing.

Technical Questions:

What are some common failure points for both assessments?
Cyber Essentials:
- Unsupported computing hardware that is EOL for firmware updates
- Unsupported operating systems
- Unsupported applications
- Not being able to meet compliance in multiple areas
- Unmanaged personal devices
Cyber Essentials Plus:
- Multiple critical or high vulnerabilities during the external or internal scan that can’t be remediated within 30 days
- MFA not being applied to cloud service admin accounts
- End-users being able to execute privileged tasks
- Information found that contradicts the self-assessment
I can’t achieve compliance with certain areas of my organisation, what can we do?

You can sometimes achieve compliance with un-supported devices or non-compliant locations via network segregation using boundary firewall or VLAN rules, in Cyber Essentials this is known as “de-scoping”.

De-scoping offers less protection than including your whole organisation and you must declare this on your certificate.

Book a 1-2-1 consultation

Speak to our team, develop your knowledge, and confidentially discuss your security challenges via a no-commitment 1:1 consultation. Whether it's a specific solution you need more information on or a question you can't find an answer to, we're here

Tel: 0330 390 0504

Cyber Essentials

Take the stress out of certification with support from our experienced Cyber Essentials Assessors.

What is Cyber Essentials?

We'd love to help you achieve Cyber Essentials, so if you'd like a quote please click here and provide us with the information we'll need to get you a price and a delivery date

Benefits of certification

Protect your organisation from 80% of common cyber-threats

Bid for Government, public sector and supply-chain contracts

Free Cyber Insurance or reduced premiums

Increased credibility and marketing strategy

Ready? How to get certified

To avoid an opportunist attack, Cyber Essentials examines your basic security hygiene.

Firewalls

Cyber Essentials 5 technical control themes

User Access Control

Secure configuration

Malware protection

Security Update Management

Cyber Essentials or Cyber Essentials Plus?

What are the benefits of upgrading to Cyber Essentials Plus?

Demonstrate your commitment to cybersecurity

Cyber Essentials

Cyber Essentials Plus

Our accreditations and partnerships

FAQs

Certification Questions:

Why should we get Cyber Essentials?

What’s the difference between Cyber Essentials and Cyber Essentials Plus?

We only require Cyber Essentials right now, can we come back for Plus?

Is Cyber Essentials a “one-off”?

We passed last year does this guarantee a pass on our renewal?

Service Delivery Questions:

What is the process for getting certified?

Technical Questions:

What are some common failure points for both assessments?

I can’t achieve compliance with certain areas of my organisation, what can we do?

Book a 1-2-1 consultation

Claranet UK

Quick Links

Contact

Social