The Cyber Essentials Certification Scheme
Your Certification made easy: Get Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance (previously IASME Governance), with Equilibrium Security your expert certification body.
Pass Cyber Essentials first time with our expert guidance
As a long-established Government Cyber Essentials assessor, Equilibrium can help you:
- Get Cyber Essentials certified
- Strengthen your Cyber Security measures with specialist guidance
- Demonstrate to your customers that you are following best practice
What is the Cyber Essentials Scheme?
The Cyber Essentials scheme is a Cyber Security certification programme developed by the UK government to help organisations, both in the public and private sectors, protect themselves against common cyber attacks.
It was launched in 2014 as part of the UK’s National Cyber Security Strategy and is designed to encourage good Cyber Security practices and raise the overall level of Cyber Security in the country.
The government mandates that any supplier bidding for contracts that involve managing specific sensitive and personal data must possess a valid Cyber Essentials certificate.
Equilibrium Security are one of the few Government Cyber Essentials UK Certification bodies within the Midlands. We have been working alongside IASME conducting Cyber Essentials and Cyber Essentials Plus assessments since 2016.
Need a Trusted Cyber Essentials Company? We’re at Your Service.
We help businesses get certified quickly and with confidence. Whether you’re new to the process or need support with your Cyber Essentials renewal, our team makes it simple to meet the requirements and stay compliant.
What Are The Cyber Essentials Accreditation 5 Key Technical Controls?
Firewalls
Firewalls block unauthorised access to your network. They control what comes in and out, and must be correctly configured to work.
Security Update Management
Keep all software and systems updated to fix known flaws. Remove or upgrade anything outdated or unsupported.
Malware protection
Use antivirus software or whitelisting to stop malicious programs. You can also use isolation tools and train staff to spot threats.
User Access Control
Only give users access to what they need, and remove old access. This limits the risk if an account is misused or hacked.
Secure Configuration
Set up devices and software securely by disabling unnecessary functions. This reduces vulnerabilities and limits exposed information.
What is a Cyber Essentials Certification?
The Cyber Essentials certification is a Government-backed scheme designed to help UK businesses protect themselves against common online threats. It starts with a self-assessment questionnaire, completed via the official IASME Cyber Essentials portal, covering five core areas of cyber security — from firewall configuration to access control.
The 70-question form is designed to assess your organisation’s current cyber posture and highlight any areas needing improvement. Certification demonstrates that your business meets the baseline technical standards required by the NCSC Cyber Essentials framework.
At Equilibrium, our experienced consultants provide remote, hands-on support throughout the process, helping you complete the questionnaire with clarity and confidence — and pass first time.
What is a Cyber Essentials Plus certification?
Cyber Essentials Plus is the advanced level of certification. It includes all the requirements of the basic certification but goes further by incorporating a hands-on technical assessment conducted by our qualified assessors.
Using information from your self-assessment, we carry out a controlled set of tests — including vulnerability scans, configuration checks and simulated attacks — to verify that your cyber defences are working effectively in the real world.
If we identify any non-compliant areas, we’ll guide you through remediation steps to resolve them before issuing your Cyber Essentials Plus certificate, valid for 12 months.
Why choose Equilibrium as your Cyber Essentials Assessor?
- Established expertise: As a Government-recognised Cyber Essentials certification body since 2016, we’re fully up to speed with the scheme’s evolving criteria.
- Trusted by many: Our team has guided hundreds of UK organisations through successful certification — including Cyber Essentials, Cyber Essentials Plus, and IASME Cyber Assurance.
- Support at every step: We’ll work closely with you throughout the Cyber Essentials certification process to ensure you pass smoothly and with confidence.
Curious About Cyber Essentials In Action?
Learn how a software development company nailed the security basics with Cyber Essentials, making their continuous security journey easier and more manageable.
Your Cyber Essentials Plus Checklist
We would never want you to go in blind into a self-assessment, so we have created a Cyber Essentials checklist to make sure you’re well prepared. Before you complete, it’s a good idea to look over these areas, as they will be assessed for your Cyber Essentials certification.
Here’s what to expect for an NCSC Cyber Essentials Plus Assessment:
- A qualified assessor will carry out an audit on a selection of computers to verify their alignment with the scheme’s specifications.
- The auditor will perform a vulnerability scan on these devices to ensure that patching and fundamental configurations meet the required standards.
- An external port scan of your publicly accessible IP addresses will be executed to detect any misconfigurations or vulnerabilities.
- Testing will be conducted on your default email and internet browser settings to validate their configuration and their ability to thwart the execution of potentially harmful files.
- Screenshots will be captured as evidence demonstrating the system’s compliance with Cyber Essentials.
Cyber Essential Accreditation plus checklist:
- Hardware and Devices: Ensure you know all the electronic equipment your organisation uses, such as computers, laptops, phones, and printers. Keep an inventory and understand ownership.
- Software and Firmware: Know your software and firmware, ensuring they're up-to-date and supported by manufacturers. Keep a list of all software used.
- Boundary Devices: Check your office firewall and router. Change default passwords and secure them against external threats.
- Firewalls and Internet Gateway: Protect your internet gateway with a firewall. Review and configure your settings, blocking unnecessary services.
- Cloud Services: List all cloud services used, enable Multi-Factor Authentication (MFA) on all accounts, and understand your shared security responsibilities.
- Secure Configurations: Disable unnecessary software and ensure default passwords are changed. Enhance security settings.
- Protection Against Malware: Keep all devices updated with automatic updates. Install and update antivirus software to protect against malware.
- User Accounts: Establish processes for creating, tracking, and managing user and admin accounts. Ensure admin accounts are used responsibly.
- Use of Passwords: Ensure that you are utilising the best protection for password guessing, establishing password quality management and user support and education within your organisation.
The Cyber Essentials Scheme Process
Before we can provide a quote or proceed with the assessment we need to understand your environment so that we can fully define the technical scope of what the test will cover.
You can then move onto populating the online Cyber Essentials questionnaire. This is when you need to meet the Cyber Essentials requirements. We will provide Cyber Essentials guidance throughout. However before this is submitted, our dedicated consultants will review your Cyber Essentials answers to check they meet the scheme’s requirements. If changes are required, we provide detailed guidance on areas which need improvement. Once successful, you are deemed as being Cyber Essentials compliant and you will be issued with a Cyber Essentials certification for 12 months.
After completing the Cyber Essentials certification we move onto the next stage. To pass Cyber Essentials Plus we need to run a series of security tests. This requires our experts to remotely conduct external and internal vulnerability scans. We will also conduct a series of other security checks to test the information obtained in your Cyber Essentials questionnaire. This then lets us know the areas of non compliance you may need to remediate before passing.
If vulnerabilities are discovered, or other areas of non-compliance, we will provide detailed remediation guidance which needs to be applied within 30 days of the Cyber Essentials Plus assessment.
Once you have followed all remediation steps, we will conduct a retest to check you comply with the CE+ criteria, you will then be awarded your CE+ certificate for 12 months.
The Benefits of Cyber Essentials
Win New Business
Cyber Essentials helps to assure new customers that you take the security of your business seriously and follow industry best practice.
Public Sector Contracts
Cyber Essentials and Cyber Essentials Plus permits you to work with the government and MOD.
Cyber Liability Insurance
Benefit from up to £25,000 worth of cyber insurance as part of the certification, conditions apply.
Reduce the risk of a breach
Improve cyber-resilience by implementing the baseline security requirements of the Cyber Essentials five security controls.
Customer Feedback
Get Cyber Essentials: Work with a Trusted UK Certification Body
Whether a client’s asked for it, you’re bidding for a public sector contract, or you just want to get the basics right — Cyber Essentials is a smart move. It shows you take security seriously and helps protect your business from common cyber threats.
At Equilibrium, we’re an accredited IASME Cyber Essentials certification body, helping organisations across the UK get their Cyber Essentials certificate quickly and with minimal hassle. We’ve supported companies of all sizes through the process — whether it’s your first time or part of your ongoing compliance plan. We know the Cyber Essentials UK standards inside out and make the process as clear and straightforward as possible.
- Get certified with confidence: We’ll guide you through the full Cyber Essentials scheme, helping you complete the self-assessment and meet the technical requirements.
- Boost your cyber resilience: Put the core Cyber Essentials controls in place to reduce your risk and protect against everyday cyber attacks.
- Get expert advice on your security setup: Unsure if you’re doing things right? We’ll walk you through the Cyber Essentials requirements and help close any gaps.
Frequently Asked Questions
The simple answer is no. Before you can move onto the Cyber Essentials Plus, you must first pass the Cyber Essentials basic certification, as the Plus audit assesses the information provided in your Cyber Essentials questionnaire. Once the NCSC Cyber Essentials standard is achieved, you must pass your CE+ within 90 days. This is the same with any UK Cyber Essentials consultancy firm.
Read more about the CE Plus Assessment without Cyber Essentials here.
Cyber Essentials qualification is a self-assessed and independently verified questionnaire. The assessment has 70 questions which looks at your Cyber Essentials certification requirements as a company to see if your current approach to securing your business is in-line with the IASME cyber baseline.
The IASME Cyber Essentials certified Plus provides a higher level of assurance, it involves us auditing your systems utilising many vulnerability tools to test the effectiveness of the security measures in place.
Read more about the difference between Cyber Essentials and Cyber Essentials Plus here.
Cyber liability insurance is provided as part of the HMG Cyber Essentials certification package on an ‘opt-in’ basis. The cyber insurance is available for businesses with an annual turnover of under 20 million, conditions apply.
Read more about how to sign up for Cyber Liability Insurance
Yes, Cyber Essentials and Cyber Essentials Plus certificates are due for renewal after 12 months. If you choose not to renew, your business will be removed from the NCSC’s ‘certified organisations’ list, you will also lose your cyber insurance and ability to work with public sector companies.
Read more about the Cyber Essentials’ certificate expiry dates here.
As with any certification scheme, it does take an investment in both time and money. There are several factors that will impact the certification timelines, including the chosen certification level and the efficiency of the certification process.
Read here to find out how long does it take to get Cyber Essentials NCSC and what are the factors that influence this timeline.
The IASME Consortium is the accreditation body that administers the Cyber Essentials certification scheme on behalf of the UK Government. You can visit the Cyber Essentials website here.
IASME oversee the UK gov Cyber Essentials scheme helping to ensure it’s operating as intended, provides valid protection against cyber-attacks, that consistency is being maintained and that any disputes are quickly resolved.
Find out more about the Cyber Essential Accreditation Bodies here.
If you’re wondering how much the Cyber Essentials price, then it’s important to remember that this can vary. Much will depend on the size of your organisation and the support you need to achieve certification.
Find out more about the cost of Cyber Essentials Certification here.
Cyber Essentials completed via IASME, is a certification scheme developed by the UK government to help organisations, both large and small, protect themselves against common online threats and demonstrate their commitment to Cyber Security best practices. The certification aims to improve the overall Cyber Security posture of organisations and reduce the risk of cyberattacks. This commitment is demonstrated through a combination of a self-assessment and validation by an IASME certified assessor, which includes vulnerability tests to ensure the accuracy of the self-assessment.
Cyber Essentials certification is the recognised standard in the UK promoting and assessing Cyber Security best practices in both the private and public sectors.
Find out more about the Cyber Essentials certification here.
You may ask yourself, why do I need Cyber Essentials? The certification scheme gives organisations confidence that they have strong security measures in place against some of the most common and insidious cyber challenges. It also helps to reassure customers, clients and suppliers that valuable information and data won’t be at risk.
Find out more about Cyber Essentials importance here.
The Cyber Essentials certification UK is relevant to a wide range of organisations regardless of their size or sector and can provide a number of tangible benefits. You can check what organisations currently have Cyber Essentials Plus Certificate.
Find out more on how to get Cyber Essentials certification and who has cyber essentials here.
Tired of the technical jargon and just want Cyber Essentials explained?
Cyber Essentials is a Cyber Security certification scheme that has been developed to help organisations protect themselves from common cyber threats. The Cyber Essentials framework requires you to fill out a 70 question questionnaire, with help from us at Equilibrium.
The UK Government Cyber Essentials scheme, accredited by the IASME Consortium, the Cyber Essentials Partner to the National Cyber Security Centre (NCSC), allows you to demonstrate a strong Cyber Security within your business.
What’s stopping you from filling out the Cyber Essentials form?
Being Cyber Essential certified will add a number of benefits to your organisation. You will gain enhanced Cyber Security, credibility as well as a competitive advantage. Once certified you can bid for Cyber Essentials MOD contracts. Having UK Cyber Essentials demonstrates that your organisation has achieved the highest standards of Cyber Security.
If you are unsure whether or not your business is ready to undertake a Cyber Essentials or Cyber Essentials Plus assessment we can run a gap analysis before you move forward. Our gap analysis carefully reviews your current Cyber Security to make sure it meets Cyber Essentials Plus requirements. It helps spot areas that don’t comply before your main assessment, giving you a chance to prepare.
Contact us here to find out more information, and let one of the top Cyber Essentials accredited companies help you!
Once you start the process with Equilibrium this is where your Cyber Essentials implementation starts. You will be registered to sign up for the IASME Cyber Essentials login.
The Cyber Essentials IASME portal is an online platform provided by the IASME Consortium to facilitate the certification process for organisations seeking a Cyber Essentials certification.
The portal allows organisations to complete the Cyber Essentials self-assessment questionnaire, which covers key Cyber Security practices. Once the questionnaire is submitted, it is reviewed by IASME assessors to start the Cyber Essentials testing to determine if the organisation meets the Cyber Essentials certification requirements. Your IASME Cyber Essentials login is essential for your UK Gov Cyber Essentials accreditation.
Are you interested in moving forward with Cyber Essentials? Contact us here to find out how you can buy the Cyber Essentials.
When working with organisations, a lot of them struggle to understand the patching requirements to ensure they are Cyber Essentials compliant.
It’s crucial for organisations to keep all tech up to date. This can include, tablets, phones, laptop or computers. You must make sure that the operating systems as well as the software and apps you use are all kept up to date. These updates not only introduce new features but also fix any security vulnerabilities they discover. Applying these updates, known as “patching,” is one of the most vital steps you can take to enhance security.
For Cyber Essentials Certification, it’s mandatory to keep all software up to date.
Whilst there isn’t a specific time period specified the Cyber Essentials requirement is that mobile devices have screen lock timeout measures, with a password/code having to be used to reopen the device more frequently.
IASME Cyber Essentials is a basic self-assessment certification for fundamental Cyber Security controls, while IASME Cyber Assurance is a more comprehensive certification with third-party assessments, covering a wider range of security measures, suitable for organisations with higher security requirements.
Find out more about the differences between IASME Cyber Essentials and IASME Cyber Assurance.
IASME Cyber Assurance is a comprehensive Cyber Security certification to verify the effectiveness of your security and governance measures. It goes beyond compliance, providing a higher level of confidence in an organisation’s approach to risk and mitigation.