The Cyber Essentials Scheme

We can help you achieve Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance with the Government Cyber Essentials Scheme.

Your Certification made easy: Pass first time with our Cyber Essentials and Cyber Essentials Plus Scheme

Cyber Essentials and Cyber Essentials Plus accreditation is an NCSC government-backed scheme that establishes the security basics all businesses should follow.

As a long-established Cyber Essentials assessor, Equilibrium can help you:

Equilibrium Security are one of the few Cyber Essentials Certification bodies within the Midlands. We have been working alongside IASME conducting Cyber Essentials and Cyber Essentials Plus assessments since 2016.

Ready to achieve your security goals? We’re at your service.

Whether you are a CISO, an IT Director or a business owner, Equilibrium has the expertise to help you shape and deliver your security strategy with our Cyber Security essentials scheme.

Cyber Essentials 5 Key Security Controls

What does Cyber Essentials cover? Make sure you know the Cyber Essentials 5 Controls: 

Firewalls and routers

A firewall must be in place to protect your internet connected devices.

Software updates

Regularly update your applications & critical systems to identify & remediate vulnerabilities.

Malware protection

Protect your organisation from viruses and malware. Keep up to date with the Cyber Essentials malware protection defences.

Access controls

Reduce the likelihood of unauthorised access by controlling who can access sensitive data.

Secure configuration

Prevent hackers gaining unauthorised access to your systems.

Cyber Essentials basic

The Cyber Essentials scheme is a self-assessment questionnaire that is completed via an online portal. The questions are based around its five key security controls and aim to review your current security posture and identify areas for improvement.

Our expert security consultants provide remote support to guide you through the process and help you achieve the certification quickly and painlessly, so you can receive your Cyber Essentials certificate. 

Cyber Essentials Plus

What is Cyber Essentials Plus?

The Cyber Essentials Plus Scheme is the next stage on from the basic Cyber Essentials Self-Assessment Certification. It tests an organisation's security against the information obtained in the self-assessment Cyber Essentials questionnaire. As part of the certification, we will run a series of security tests and carefully managed attacks to test the effectiveness of your security controls.

If there are areas that we identify that are in breach of the assessment, we will provide remediation actions that you will need to apply prior to us issuing the certification. Equilibrium Security will then issue the certification for Cyber Essentials Plus, which will be valid for 12 months.

Cyber Essentials and Cyber Essentials Plus

Why Equilibrium?

Want to prepare for Cyber Essentials Assessment?

We would never want you to go into a self-assessment blind, so we have created a Cyber Essentials checklist to make sure you’re well prepared.

Here’s what to expect for a Cyber Essentials Plus Assessment: 

  • A qualified assessor will carry out an audit on a selection of computers to verify their alignment with the scheme’s specifications.
  • The auditor will perform a vulnerability scan on these devices to ensure that patching and fundamental configurations meet the required standards.
  • An external port scan of your publicly accessible IP addresses will be executed to detect any misconfigurations or vulnerabilities.
  • Testing will be conducted on your default email and internet browser settings to validate their configuration and their ability to thwart the execution of potentially harmful files.
  • Screenshots will be captured as evidence demonstrating the system’s compliance with Cyber Essentials.

A quick guide to the Cyber Essentials Plus Checklist

Before you complete, it’s a good idea to look over these areas and equipment as they will be assessed for your Cyber Essentials certification. 

Cyber Essential Assessment plus checklist : 

The Cyber Essentials Process

Step 1
Define the scope

Before we can provide a quote or proceed with the assessment, we need to understand your environment so that we can fully define the technical scope of what the test will cover.

Step 2
Complete the Cyber Essentials Questionnaire

You can then move onto populating the IASME Cyber Essentials questionnaire. Before this is submitted, our consultants will review your answers to check they meet the scheme’s criteria. If changes are required, we provide detailed guidance on areas which need improvement. Once successful, you will be issued with a Cyber Essentials certificate for 12 months.

Step 3
Technical Cyber Essentials Plus audit

Our experts will remotely conduct external and internal vulnerability tests, as well as a series of other security checks to test the information obtained in your Cyber Essentials questionnaire. There is not a second Cyber Essentials Plus questionnaire; we only check the answers from the Cyber Essentials basic questionnaire.

Step 4
Remediation

If vulnerabilities or other areas of non-compliance are discovered, we will provide detailed remediation guidance which needs to be applied within 30 days of the Cyber Essentials Plus assessment.

Step 5
Cyber Essentials Plus certification

Once you have followed all remediation steps, we will conduct a retest to check you comply with the Cyber Essentials Plus criteria. You will then be awarded your Cyber Essentials Gov’ Plus certificate for 12 months.

The Benefits of Cyber Essentials

Win new business

Cyber Essentials helps to assure new customers that you take the security of your business seriously and follow industry best practice.  

Public sector contracts

Cyber Essentials and Cyber Essentials Plus permit you to work with the government and MOD.

Cyber Liability Insurance

Benefit from up to £25,000 worth of cyber insurance as part of the certification, conditions apply.

Reduce the risk of a breach

Improve cyber-resilience by implementing the baseline security requirements of the Cyber Essentials five security controls.

Looking for a top UK Cyber Essentials certification body?

Equilibrium is a Certification Body for The IASME Consortium, the Cyber Essentials Partner to the National Cyber Security Centre (NCSC). We can offer Cyber Essentials, Cyber Essentials Plus, IASME Cyber Assurance and GDPR Readiness Assessments as a Certification Body.

If you would like to find out more about our Cyber Essentials pricing, please arrange an expert call or call us on 0121 663 0055.

Frequently Asked Questions

The simple answer is no. Before you can move onto the Cyber Essentials Plus, you must first pass the Cyber Essentials basic certification, as the Plus audit assesses the information provided in your Cyber Essentials questionnaire. Once Cyber Essentials basic is achieved, you must pass your Cyber Essentials Plus requirements within 90 days.

Read more about what is required for Cyber Essentials Plus here.

Cyber Essentials basic is a self-assessed and independently verified questionnaire. The assessment has 70 questions which confirm that your current approach to securing your business is in line with the CE framework. Cyber Essentials Certified Plus provides a higher level of assurance: it involves us auditing your systems, using many vulnerability tools to test the effectiveness of the security measures in place.

Read more about the difference between Cyber Essentials Framework vs Cyber Essentials Plus here. 

Cyber Liability Insurance is provided as part of the Cyber Essentials certification package on an ‘opt-in’ basis. The cyber insurance is available for businesses with an annual turnover of under 20 million, conditions apply.

Yes, Cyber Essentials and Cyber Essentials Plus certificates are due for renewal after 12 months. If you choose not to renew, your business will be removed from the NCSC’s ‘certified organisations’ list. You will also lose your cyber insurance and ability to work with public sector companies.

Read more about the Cyber Essentials’ certificate expiry dates here. 

As with any certification scheme, it does take an investment in both time and money. There are several factors that will impact the certification timelines, including the chosen certification level and the efficiency of the certification process.

Read here to find out how long it takes to get Cyber Essentials and which Cyber Essentials technical requirements influence this timeline.

The IASME Consortium is the accreditation body that administers the Cyber Essentials certification scheme on behalf of the UK Government.

IASME oversees the UK Government Cyber Essentials scheme, helping to ensure that it is operating as intended, that it provides valid protection against cyber-attacks, that consistency is being maintained and that any disputes are quickly resolved.

Find out more about the Cyber Essentials Accreditation Bodies here.

If you’re wondering how much the Cyber Essentials scheme certification costs, then it’s important to remember that this can vary. Much will depend on the size of your organisation and the support you need to achieve certification. This goes for the Cyber Essentials Plus certification cost as well. 

Find out more about the Cyber Essentials cost here. 

Cyber Essentials is a government-backed Cyber Security accreditation scheme that has been developed to ensure an organisation’s systems and data are secured against a range of online threats. The NCSC Cyber Essentials requirements are recognised as a high standard in the UK promoting and assessing Cyber Security best practices in both the private and public sectors.

Find out more about the Cyber Essentials certification here. 

The certification scheme gives organisations confidence that they have strong security measures in place against some of the most common and insidious cyber challenges. It also helps to reassure customers, clients and suppliers that valuable information and data won’t be at risk. You will not be able to bid on government contracts without the Cyber Essentials Plus certification. 

Find out more about Cyber Essentials importance here. 

If you are weighing up the benefits of going ahead with the Cyber Essentials Plus certification, here are a few benefits your organisation can gain. You can bid for government contracts, work towards becoming GDPR compliant and win more business by standing out from competitors.

Once you have passed the IASME Cyber Essentials Plus your organisation is seen as backed by the UK Government scheme which is maintained by the NCSC.

It is important to know that Cyber Essentials and ISO 27001 complement each other and show that your organisation has strong Cyber Security. Cyber Essentials is an excellent alternative to achieving ISO 27001.

Find out how to get a Cyber Essentials Certification here. 

Many of the organisations we work with struggle to understand the patching requirements they must meet to be Cyber Essentials compliant.

It’s crucial for organisations to keep all tech up to date. This can include tablets, phones, laptops or computers. You must make sure that the operating systems, as well as the software and apps you use, are all kept up to date. These updates not only introduce new features but also fix any security vulnerabilities that have been discovered. Applying these updates, known as “patching,” is one of the most vital steps you can take to enhance security.

For Cyber Essentials Certification, it’s mandatory to keep all software up to date. 

ISO 27001 is a complex standard to achieve and lays out the plan for an effective information security management system. It lays out everything, from how your team handles things, to the processes in place and how you use them. 

However, achieving the IASME Cyber Essentials Plus accreditation is a suitable alternative for smaller organisations. It focuses on essential security measures and how you’re taking a step towards securing your systems, data, and devices.