Cyber Essentials Plus - About the Assessment

Cyber Essentials Plus is a more thorough level of certification than the foundational "Cyber Essentials Verified Self-Assessment". Organisations seeking the Plus certification must hold a valid Cyber Essentials Verified Self-Assessment certificate issued within the previous three months. The Plus certification package may also include the initial Verified Self-Assessment if chosen as part of a bundled offering.

This certification entails a remote (or on-site) audit conducted by our assessors at Cyber Compliance, an IASME Cyber Essentials Certification body operated by NeedSec Limited. The primary purpose of the Cyber Essentials Plus audit is to verify that all security measures previously declared in the basic Cyber Essentials certification are fully enacted across the organisation's network.

The process of achieving Cyber Essentials Plus certification involves several critical steps and checks:

  1. Detailed System Audit: Our certified assessors will select a representative sample of your organisation's computers to inspect and verify that each device adheres to the Cyber Essentials scheme requirements.
  2. Vulnerability Scanning: We conduct comprehensive scans on these devices to ensure that they are patched correctly and configured to maintain a high level of security.
  3. External Port Scanning: An assessment of your organisation’s externally facing IP addresses will be performed to identify any potential misconfigurations or obvious vulnerabilities.
  4. Default Email and Internet Browser Testing: We will test how effectively your default email and internet browser setups block the execution of malicious files.
  5. Evidence Collection: Screenshots and other forms of evidence will be systematically gathered to document compliance with the Cyber Essentials standards.

If any issues are discovered during these assessments, organisations are given a 30-day period to address them. If the identified issues are not rectified within this timeframe, the certification will not be awarded.

Upon successfully meeting all the required standards, your organisation will be awarded the Cyber Essentials Plus certificate, which remains valid for one year from the date of issue. Your organisation will also be listed among the entities certified under the Cyber Essentials scheme, further promoting your adherence to these stringent security measures.

This rigorous assessment not only enhances your organisation's security posture but also demonstrates to partners, regulators, and clients your commitment to protecting data against cyber threats.


Do you require both Cyber Essentials and Cyber Essentials Plus? You can purchase our discounted package deal below:

Cyber Essentials & Cyber Essentials Plus Package
