The Cyber Essentials Certification Scheme
Your Certification made easy: Get Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance (previously IASME Governance), with Equilibrium Security your expert certification body.
Pass Cyber Essentials first time with our expert guidance
As a long-established Government Cyber Essentials assessor, Equilibrium can help you:
- Get Cyber Essentials certified
- Strengthen your Cyber Security measures with specialist guidance
- Demonstrate to your customers that you are following best practice
What is the Cyber Essentials Scheme?
The Cyber Essentials scheme is a Cyber Security certification programme developed by the UK government to help organisations, both in the public and private sectors, protect themselves against common cyber attacks.
It was launched in 2014 as part of the UK’s National Cyber Security Strategy and is designed to encourage good Cyber Security practices and raise the overall level of Cyber Security in the country.
The government mandates that any supplier bidding for contracts that involve managing specific sensitive and personal data must possess a valid Cyber Essentials certificate.
Equilibrium Security are one of the few Government Cyber Essentials UK Certification bodies within the Midlands. We have been working alongside IASME conducting Cyber Essentials and Cyber Essentials Plus assessments since 2016.
Ready to achieve your security goals? We’re at your service.
Stop asking yourself how do I achieve Cyber Essentials and start with us! Whether you are a CISO, an IT Director or a business owner, Equilibrium has the expertise to help you shape and deliver your security strategy. Let us be your Cyber Essentials Accredited company.
What Are The Cyber Essentials Accreditation 5 Key Technical Controls?
Firewalls
Firewalls block unauthorised access to your network. They control what comes in and out, and must be correctly configured to work.
Security Update Management
Keep all software and systems updated to fix known flaws. Remove or upgrade anything outdated or unsupported.
Malware protection
Use antivirus software or whitelisting to stop malicious programs. You can also use isolation tools and train staff to spot threats.
User Access Control
Only give users access to what they need, and remove old access. This limits the risk if an account is misused or hacked.
Secure Configuration
Set up devices and software securely by disabling unnecessary functions. This reduces vulnerabilities and limits exposed information.
What is a Cyber Essentials Certification?
The Cyber Essentials scheme is a self-assessment questionnaire that is completed via the online IASME Cyber Essentials portal. The 70 questions are based around its five key security controls, aimed at reviewing your current security posture and identifying areas for improvement to ensure Cyber Essentials compliance.
Our expert security consultants provide remote support to guide you through the NCSC Cyber Essentials criteria and process to help you achieve the Cyber Essentials certificate quickly and painlessly.
What is a Cyber Essentials Plus certification?
Cyber Essentials Plus is the next stage on from the basic Cyber Essentials Self-Assessment Certification. It tests an organisations security against the information obtained in the self-assessment Cyber Essentials questionnaire. As part of the certification, we will run a series of vulnerability scans, security tests and carefully managed attacks to test the effectiveness of your security controls.
If there are areas that we identify that are in breach of the assessment, we will provide remediation actions that you will need to apply prior to us issuing the Cyber Essentials Plus certificate. Equilibrium Security will then issue the certification for Cyber Essentials Plus, which will be valid for 12 months.
Curious About Cyber Essentials In Action?
Learn how a software development company nailed the security basics with Cyber Essentials, making their continuous security journey easier and more manageable.
Why choose Equilibrium as your Cyber Essentials Assessor?
- As a Government Cyber Essentials certification body since 2016, we are well-versed with the schemes evolving criteria.
- Our team have certified countless companies throughout the years to achieve Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance.
- We're with you every step of the way of the Cyber Essentials certification process to help you pass with flying colours!
Want to prepare for your Cyber Essentials Accreditation?
We would never want you to go in blind into a self-assessment, so we have created a Cyber Essentials checklist to make sure you’re well prepared.
Here’s what to expect for an NCSC Cyber Essentials Plus Assessment:
- A qualified assessor will carry out an audit on a selection of computers to verify their alignment with the scheme’s specifications.
- The auditor will perform a vulnerability scan on these devices to ensure that patching and fundamental configurations meet the required standards.
- An external port scan of your publicly accessible IP addresses will be executed to detect any misconfigurations or vulnerabilities.
- Testing will be conducted on your default email and internet browser settings to validate their configuration and their ability to thwart the execution of potentially harmful files.
- Screenshots will be captured as evidence demonstrating the system’s compliance with Cyber Essentials.
Customer Feedback
A quick guide to the Cyber Essentials Plus Checklist
Before you complete, it’s a good idea to look over these areas and equipment as they will be assessed for your Cyber Essentials certification.
Cyber Essential Accreditation plus checklist :
- Hardware and Devices: Ensure you know all the electronic equipment your organisation uses, such as computers, laptops, phones, and printers. Keep an inventory and understand ownership.
- Software and Firmware: Know your software and firmware, ensuring they're up-to-date and supported by manufacturers. Keep a list of all software used.
- Boundary Devices: Check your office firewall and router. Change default passwords and secure them against external threats.
- Firewalls and Internet Gateway: Protect your internet gateway with a firewall. Review and configure your settings, blocking unnecessary services.
- Cloud Services: List all cloud services used, enable Multi-Factor Authentication (MFA) on all accounts, and understand your shared security responsibilities.
- Secure Configurations: Disable unnecessary software and ensure default passwords are changed. Enhance security settings.
- Protection Against Malware: Keep all devices updated with automatic updates. Install and update antivirus software to protect against malware.
- User Accounts: Establish processes for creating, tracking, and managing user and admin accounts. Ensure admin accounts are used responsibly.
- Use of Passwords: Ensure that you are utilising the best protection for password guessing, establishing password quality management and user support and education within your organisation.
The Cyber Essentials Scheme Process
Before we can provide a quote or proceed with the assessment we need to understand your environment so that we can fully define the technical scope of what the test will cover.
You can then move onto populating the online Cyber Essentials questionnaire. This is when you need to meet the Cyber Essentials requirements. We will provide Cyber Essentials guidance throughout. However before this is submitted, our dedicated consultants will review your Cyber Essentials answers to check they meet the scheme’s requirements. If changes are required, we provide detailed guidance on areas which need improvement. Once successful, you are deemed as being Cyber Essentials compliant and you will be issued with a Cyber Essentials certification for 12 months.
After completing the Cyber Essentials certification we move onto the next stage. To pass Cyber Essentials Plus we need to run a series of security tests. This requires our experts to remotely conduct external and internal vulnerability scans. We will also conduct a series of other security checks to test the information obtained in your Cyber Essentials questionnaire. This then lets us know the areas of non compliance you may need to remediate before passing.
If vulnerabilities are discovered, or other areas of non-compliance, we will provide detailed remediation guidance which needs to be applied within 30 days of the Cyber Essentials Plus assessment.
Once you have followed all remediation steps, we will conduct a retest to check you comply with the CE+ criteria, you will then be awarded your CE+ certificate for 12 months.
The Benefits of Cyber Essentials
Win new business
Cyber Essentials helps to assure new customers that you take the security of your business seriously and follow industry best practice.
Public sector contracts
Cyber Essentials and Cyber Essentials Plus permits you to work with the government and MOD.
Cyber Liability Insurance
Benefit from up to £25,000 worth of cyber insurance as part of the certification, conditions apply.
Reduce the risk of a breach
Improve cyber-resilience by implementing the baseline security requirements of the Cyber Essentials five security controls.
Get Cyber Essentials: Looking for a top UK Cyber Essentials certification body?
Why Choose Equilibrium Cyber Essentials Provider?
Are you tired of looking and searching for reliable Cyber Essentials certified companies? Well look no further!
Equilibrium is a Certification Body for The IASME Consortium, the Cyber Essentials Partner to the National Cyber Security Centre (NCSC). We can offer Cyber Essentials, Cyber Essentials Plus, IASME Cyber Assurance and GDPR Readiness Assessments as a Certification Body.
If you would like to find out more about our Cyber Essentials pricing, please fill in the below form or call us on 0121 663 0055.
Unsure about Cyber Essentials? Check out our Cyber Essentials certification checklist to make sure you’re on the right track!
- Get your Cyber Essentials Scheme basic certificate with expert guidance along the way.
- IASME Cyber Assurance (excellent alternative to ISO 27001)
- GDPR Readiness Assessments
Frequently Asked Questions
The simple answer is no. Before you can move onto the Cyber Essentials Plus, you must first pass the Cyber Essentials basic certification, as the Plus audit assesses the information provided in your Cyber Essentials questionnaire. Once the NCSC Cyber Essentials standard is achieved, you must pass your CE+ within 90 days. This is the same with any UK Cyber Essentials consultancy firm.
Read more about the CE Plus Assessment without Cyber Essentials here.
Cyber Essentials qualification is a self-assessed and independently verified questionnaire. The assessment has 70 questions which looks at your Cyber Essentials certification requirements as a company to see if your current approach to securing your business is in-line with the IASME cyber baseline.
The IASME Cyber Essentials certified Plus provides a higher level of assurance, it involves us auditing your systems utilising many vulnerability tools to test the effectiveness of the security measures in place.
Read more about the difference between Cyber Essentials and Cyber Essentials Plus here.
Cyber liability insurance is provided as part of the HMG Cyber Essentials certification package on an ‘opt-in’ basis. The cyber insurance is available for businesses with an annual turnover of under 20 million, conditions apply.
Read more about how to sign up for Cyber Liability Insurance
Yes, Cyber Essentials and Cyber Essentials Plus certificates are due for renewal after 12 months. If you choose not to renew, your business will be removed from the NCSC’s ‘certified organisations’ list, you will also lose your cyber insurance and ability to work with public sector companies.
Read more about the Cyber Essentials’ certificate expiry dates here.
As with any certification scheme, it does take an investment in both time and money. There are several factors that will impact the certification timelines, including the chosen certification level and the efficiency of the certification process.
Read here to find out how long does it take to get Cyber Essentials NCSC and what are the factors that influence this timeline.
The IASME Consortium is the accreditation body that administers the Cyber Essentials certification scheme on behalf of the UK Government. You can visit the Cyber Essentials website here.
IASME oversee the UK gov Cyber Essentials scheme helping to ensure it’s operating as intended, provides valid protection against cyber-attacks, that consistency is being maintained and that any disputes are quickly resolved.
Find out more about the Cyber Essential Accreditation Bodies here.
If you’re wondering how much the Cyber Essentials price, then it’s important to remember that this can vary. Much will depend on the size of your organisation and the support you need to achieve certification.
Find out more about the cost of Cyber Essentials Certification here.
Cyber Essentials completed via IASME, is a certification scheme developed by the UK government to help organisations, both large and small, protect themselves against common online threats and demonstrate their commitment to Cyber Security best practices. The certification aims to improve the overall Cyber Security posture of organisations and reduce the risk of cyberattacks. This commitment is demonstrated through a combination of a self-assessment and validation by an IASME certified assessor, which includes vulnerability tests to ensure the accuracy of the self-assessment.
Cyber Essentials certification is the recognised standard in the UK promoting and assessing Cyber Security best practices in both the private and public sectors.
Find out more about the Cyber Essentials certification here.
You may ask yourself, why do I need Cyber Essentials? The certification scheme gives organisations confidence that they have strong security measures in place against some of the most common and insidious cyber challenges. It also helps to reassure customers, clients and suppliers that valuable information and data won’t be at risk.
Find out more about Cyber Essentials importance here.
The Cyber Essentials certification UK is relevant to a wide range of organisations regardless of their size or sector and can provide a number of tangible benefits. You can check what organisations currently have Cyber Essentials Plus Certificate.
Find out more on how to get Cyber Essentials certification and who has cyber essentials here.
Tired of the technical jargon and just want Cyber Essentials explained?
Cyber Essentials is a Cyber Security certification scheme that has been developed to help organisations protect themselves from common cyber threats. The Cyber Essentials framework requires you to fill out a 70 question questionnaire, with help from us at Equilibrium.
The UK Government Cyber Essentials scheme, accredited by the IASME Consortium, the Cyber Essentials Partner to the National Cyber Security Centre (NCSC), allows you to demonstrate a strong Cyber Security within your business.
What’s stopping you from filling out the Cyber Essentials form?
Being Cyber Essential certified will add a number of benefits to your organisation. You will gain enhanced Cyber Security, credibility as well as a competitive advantage. Once certified you can bid for Cyber Essentials MOD contracts. Having UK Cyber Essentials demonstrates that your organisation has achieved the highest standards of Cyber Security.
If you are unsure whether or not your business is ready to undertake a Cyber Essentials or Cyber Essentials Plus assessment we can run a gap analysis before you move forward. Our gap analysis carefully reviews your current Cyber Security to make sure it meets Cyber Essentials Plus requirements. It helps spot areas that don’t comply before your main assessment, giving you a chance to prepare.
Contact us here to find out more information, and let one of the top Cyber Essentials accredited companies help you!
Once you start the process with Equilibrium this is where your Cyber Essentials implementation starts. You will be registered to sign up for the IASME Cyber Essentials login.
The Cyber Essentials IASME portal is an online platform provided by the IASME Consortium to facilitate the certification process for organisations seeking a Cyber Essentials certification.
The portal allows organisations to complete the Cyber Essentials self-assessment questionnaire, which covers key Cyber Security practices. Once the questionnaire is submitted, it is reviewed by IASME assessors to start the Cyber Essentials testing to determine if the organisation meets the Cyber Essentials certification requirements. Your IASME Cyber Essentials login is essential for your UK Gov Cyber Essentials accreditation.
Are you interested in moving forward with Cyber Essentials? Contact us here to find out how you can buy the Cyber Essentials.
When working with organisations, a lot of them struggle to understand the patching requirements to ensure they are Cyber Essentials compliant.
It’s crucial for organisations to keep all tech up to date. This can include, tablets, phones, laptop or computers. You must make sure that the operating systems as well as the software and apps you use are all kept up to date. These updates not only introduce new features but also fix any security vulnerabilities they discover. Applying these updates, known as “patching,” is one of the most vital steps you can take to enhance security.
For Cyber Essentials Certification, it’s mandatory to keep all software up to date.
Whilst there isn’t a specific time period specified the Cyber Essentials requirement is that mobile devices have screen lock timeout measures, with a password/code having to be used to reopen the device more frequently.
IASME Cyber Essentials is a basic self-assessment certification for fundamental Cyber Security controls, while IASME Cyber Assurance is a more comprehensive certification with third-party assessments, covering a wider range of security measures, suitable for organisations with higher security requirements.
Find out more about the differences between IASME Cyber Essentials and IASME Cyber Assurance.
IASME Cyber Assurance is a comprehensive Cyber Security certification to verify the effectiveness of your security and governance measures. It goes beyond compliance, providing a higher level of confidence in an organisation’s approach to risk and mitigation.