01Review
Readiness review
A clear gap analysis against the five controls, so you know exactly where you stand and what it will take to certify before you commit to anything.
Gap analysisScope agreedHonest baseline
Get Cyber Essentials certified, and stay certified.
Cyber Essentials is the UK government backed scheme that proves you have five technical security controls in place. We get you there cleanly, through both the self assessed certification and the audited Cyber Essentials Plus tier, then keep you certified at each annual renewal. Because we are an appointed certification body, the controls we put in place are the ones we assess against every day.
Verified
Cyber EssentialsCertification body
Cyber Essentials PlusCertified
Cyber EssentialsQualified assessor
ISO 27001UKAS accredited
5.0Google rating
Cyber Essentials / 01 · What it is
A recognised security baseline, reached without the pain.
Cyber Essentials checks five specific technical controls: firewalls, secure configuration, security update management, user access control, and malware protection. Get those right and you close off the most common, opportunistic attacks that hit UK businesses every day. It is the baseline a serious supply chain expects, and a clean way to prove to a worried client that you have the basics covered.
01Five controlsFirewalls, secure configuration, updates, access control, and malware protection.
02Two tiersSelf assessed certification, or Cyber Essentials Plus with an independent technical audit.
03Weeks, not monthsA prepared organisation can reach the base certification in a matter of weeks.
04Certified by usWe are an appointed certification body, so the controls and the assessment come from one team.
Cyber Essentials / 02 · What we do
From first review to a certificate that holds up.
We handle the whole path, or step in wherever you are stuck. Either way you get the certification and the controls behind it, not just a badge.
02Remediate
Close the gaps
We put the missing controls in place and tidy the configuration, plainly and without disruption, so you pass on merit rather than on paperwork.
Controls in placeSecure configurationRemediation guidance
03Certify
Certification and Plus
We guide the self assessment and, where you need it, the Cyber Essentials Plus technical audit, where an assessor checks your systems hands on rather than taking your word for it.
Self assessmentPlus auditSubmission support
04Maintain
Annual renewal
Certification lapses after a year. We keep the controls current and handle each renewal, so you stay certified without the last minute scramble.
Ongoing controlsAnnual renewalKept current
Cyber Essentials / 03 · How it works
A short, clear path to certified.
Most well prepared organisations reach the base certification in two to four weeks. Cyber Essentials Plus adds the independent technical audit and usually runs to four to eight weeks, depending on what needs fixing first.
01
Scope and review
We agree what is in scope and run a gap analysis against the five controls. You see the real starting position, in plain English.
02
Close the gaps
We put the missing controls in place and fix the configuration issues that would otherwise fail the assessment.
03
Assess and submit
We complete the self assessment with you and, for Plus, run the hands on technical audit, then submit for certification.
04
Renew
We keep the controls current through the year and handle the annual renewal, so the certificate never quietly lapses.
Not sure whether you need the base certification or Plus? Send us the contract clause or the supplier questionnaire. We will tell you plainly which tier it asks for before you spend a penny.
Cyber Essentials / 04 · The difference
We do not just hold the certification. We are the certification body.
Most providers hold Cyber Essentials. We are appointed to certify it, which means we assess organisations against the standard as part of what we do. When we put your controls in place, they come from the people who know exactly what the assessment looks for, so the work is built to stand up rather than to scrape through. And because we secure the technology as well as certify it, the controls are real and running, not ticked on a form.
BodyA certification body, not a holderAppointed to assess organisations against the standard, with qualified assessors in house.
RealControls that actually runWe secure the technology too, so the controls are live, not paperwork.
RecognisedWhat buyers expectThe baseline UK government contracts, insurers, and supply chains increasingly require.
FAQ
Common questions
What is Cyber Essentials?
Cyber Essentials is a UK government backed scheme that certifies you have five technical security controls in place: firewalls, secure configuration, security update management, user access control, and malware protection. It is designed to stop the most common, opportunistic attacks. The base level is a self assessment verified by a certification body. Cyber Essentials Plus adds an independent technical audit of your systems.
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Both cover the same five controls. The difference is how they are checked. Base Cyber Essentials is a self assessment, verified by a certification body. Cyber Essentials Plus adds a hands on technical audit, where an assessor tests your systems directly rather than taking your word for it. Plus is often required for contracts that involve more sensitive data, so check what your contract or buyer actually asks for.
How long does Cyber Essentials take?
A well prepared organisation can reach the base certification in around two to four weeks. Cyber Essentials Plus usually takes longer, commonly four to eight weeks, because it includes the independent technical audit. The real timeline depends on how much needs fixing first, which a short readiness review will tell you up front so there are no surprises.
Do I need Cyber Essentials to win contracts?
Often, yes. Cyber Essentials is a minimum requirement for many UK government contracts, and it is increasingly expected by enterprise clients, insurers, and supply chains. Cyber Essentials Plus is sometimes specified for work involving sensitive data. If a contract or supplier questionnaire names a level, read it closely, and we are happy to confirm which tier it asks for before you commit.
What does it mean that you are a certification body?
It means we are appointed to assess and certify organisations against the Cyber Essentials standard, not merely hold the certificate ourselves. In practice it gives you two things: the controls we put in place are built by people who assess against the standard every day, and if you need to certify your own suppliers, we can do that too. The engineering and the assessment come from one accountable team.
Ready to get certified?
Book a Cyber Essentials review or send us the clause you need to satisfy. We will tell you which tier fits, what it takes, and how fast we can get you there. We reply within one working day, and you will speak to an engineer, not a salesperson.