Secure 0118 359 2220 Get Started

Press ESC to close or Enter to search

Popular Pages
Managed IT Cyber Security Case Studies Pricing Contact
Home
About Us
Services
Managed IT Services Cyber Security & Compliance Microsoft 365 Cloud & Hosting Backup & Disaster Recovery Connectivity & Telephony Incident Response & 24/7 IT Support Reading
Pricing
Tools
Domain Health Check About You Password Generator
Resources
Case Studies Threat Intelligence Blog & Insights Guides FAQs Customer Portal Remote Support
Contact
Get Started
Live Security Feed
Your IPDetecting...
NCSCUK organisations urged to strengthen cyber defences ALERTPhishing attacks targeting Microsoft 365 users on the rise CISACritical vulnerabilities identified in popular software NEWSRansomware groups increasingly targeting SME businesses NCSCNew guidance released for securing remote workers ALERTBusiness email compromise attacks cost UK firms millions CISAZero-day exploits require immediate patching attention NEWSAI-powered threats becoming more sophisticated in 2025 NCSCUK organisations urged to strengthen cyber defences ALERTPhishing attacks targeting Microsoft 365 users on the rise CISACritical vulnerabilities identified in popular software NEWSRansomware groups increasingly targeting SME businesses NCSCNew guidance released for securing remote workers ALERTBusiness email compromise attacks cost UK firms millions CISAZero-day exploits require immediate patching attention NEWSAI-powered threats becoming more sophisticated in 2025
View Dashboard
Compliance

Do I Need Cyber Essentials for Government Contracts?

Quick Answer

For most government contracts involving personal data or IT systems, yes. It's been mandatory since 2014. Some contracts require Cyber Essentials Plus.

Quick answer: For most government contracts involving personal data or IT systems, yes. It's been mandatory since 2014. Some contracts require Cyber Essentials Plus.

The Rule

Since October 2014, suppliers bidding for government contracts must have Cyber Essentials certification if the contract involves:

  • Handling personal information
  • Providing certain ICT products or services
This covers most contracts where you're touching government data or systems.

Which Level?

Cyber Essentials (basic): Sufficient for many central government contracts. Self-assessed.

Cyber Essentials Plus: Required for:

  • Defence contracts (DEFCON 658)
  • Contracts with higher security requirements
  • Where specified in the tender
Check the specific tender. It will state which level is required.

MOD and Defence

Defence contracts almost always require Cyber Essentials Plus. DEFCON 658 makes this explicit for the defence supply chain.

CE Plus isn't optional for defence work. No certification = no contract.

Local Government

Local authorities often require Cyber Essentials but requirements vary. Some mandate it; others just prefer certified suppliers. Check the specific tender.

NHS

NHS contracts typically require either:

  • Cyber Essentials certification, or
  • Completion of the Data Security and Protection Toolkit (DSPT)
Sometimes both. The DSPT is NHS-specific; Cyber Essentials is the general standard.

What If I Don't Have It?

For current contracts: Some frameworks allow you to achieve certification within a defined period after contract award. Check the terms.

For new bids: You'll likely be excluded if certification is mandatory and you don't have it. It's a pass/fail criterion, not something you can talk your way around.

Realistically: If you're targeting government work, get certified before you need it. Certification takes weeks. Tenders have deadlines.

Maintaining Certification

Cyber Essentials certification lasts 12 months. You need to recertify annually.

Government frameworks typically require you to maintain valid certification throughout the contract. Lapsed certification = contract problems.

Our Advice

If government work is part of your strategy:

  1. Get Cyber Essentials Plus (not just basic)
  2. Get it before you need it
  3. Build recertification into your annual calendar
  4. Consider our Compliance-Ready managed services to stay compliant year-round
Being ready for opportunities beats scrambling when tenders appear.

---

*Disclaimer: Government contract requirements vary by department, framework, and specific tender. Always check the specific requirements in the tender documentation. Requirements may change—verify current guidance before bidding.*

---

about certification and compliance.

---

Related Questions