Your journey to achieving Cyber Essentials Plus (CE+) starts by following this checklist which starts by downloading the scope and quotation form to help us to assess the costs involved in performing an on-site (or remote) vulnerability assessment.
- Scope and Quotation Form
- Cyber Essentials Plus Test Specification v3.0(Evendine)
- Cyber Essentials Plus Test Specification v3.1(Montpellier)
- Cyber Essentials Plus Checklist of key challenges our clients are reporting
- Checklist for the remote audit
Before the Plus assessment takes place, you must have achieved Basic level within three months.
The cost of the Plus certification includes Basic level assessment.
Cyber Essentials Plus checklist overview and timeline
1. Documentation
- Complete the Asset Declaration form (we will send this to you ahead of the test and is a showstopper form).
- Upload the form at least two weeks before assessment
- Submit Cyber Essentials Basic on the portal at least one week before assessment
2. Preparation
- Download and install Scanning software (if opting for a remote test)
- Provide contact details for your assessment technical lead
- Grant permission for external scans
- Arrange for agreed sample set of computers to be available for assessment
3. Prep Call
- Prep call with assessor to check everything is in place for the assessment. The Prep document must be read ahead of the call
4. Assessment
- Assessment day
- In the event of a failure, provide evidence of remediation and arrange a retest within a month, additionally, retests are free if they can be conducted remotely and take no longer than one hour to confirm. Otherwise, retest costs start from £400 plus VAT (if it is within one month).
- If a retest is not completed within a month, a full repeat assessment and re-quote is required
5. Certificate Issued
What is Cyber Essentials?
Cyber Essentials forms part of the UK’s National Cyber Security Programme to encourage businesses to take steps towards achieving a good baseline of cyber security.
Companies that implement the required controls could protect themselves from up to 80% of the common threats from the internet.
Adopting Cyber Essentials has become a major requirement to win business in many sectors, including Nuclear, Health (particularly the NHS), Education and Defense. Suppliers bidding for certain government contracts must have achieved either Cyber Essentials Basic or CE+.
The scheme is applicable all private sector organisations, universities, charities, and public sector organisations.
The main control areas include:
- Firewalls
- Secure configuration
- User access control
- Malware protection
- Security updates
Achieve Cyber Essentials Plus by following the checklist on this page and pass the onsite/remote assessment.
To keep up to date with the latest Cyber Essentials requirements, please read our blog pages here.