Cyber Essentials Plus
Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme, an official UK-wide, government-backed certification that helps companies guard against the most common cyber threats and reduce their risk by at least 80%.
Cyber Essentials Plus ensures you have the five required technical controls in place, with cybersecurity verification completed by a CyberSmart regulated auditor.
Benefits of Cyber Essentials Plus
Security of Services
Improve the security of your services against a government-backed scheme
Sharing Data
Suppliers, partners and clients will feel more confident in sharing data with you
Industry Regulations
Provides assurance against a baseline security standard
CREST
Gain access to a dedicated team of CREST-registered pen testers who will guide you through the process
Commitment
Show that your business is committed to being cyber secure
FAQs
Here are the most important questions about the Cyber Essentials and Cyber Essentials Plus schemes.
1. What is Cyber Essentials?
Cyber Essentials is a Government-backed, industry-supported certification run by the National Cyber Security Centre (NCSC). It helps businesses put basic security controls in place to fight the most common cybersecurity threats. By achieving the certification, your business shows its commitment to cyber security. There are two types of Cyber Essentials (CE) certification: Cyber Essentials Level 1 and Cyber Essentials Plus.
2. Why do you need Cyber Essentials?
By achieving Cyber Essentials, your business shows its commitment to cyber security. Your suppliers, partners and clients will feel more confident in sharing data with you. If you are tendering for Government projects you must have Cyber Essentials. Some MoD projects and Local Authorities are asking for a minimum of Cyber Essentials Plus.
3. What is being tested in the process?
Cyber Essentials tests the following 5 areas of your IT infrastructure: Firewalls, Secure Configuration, User Access Control, Malware Protection and Patch Management.
4. What type of Cyber Essentials should you go for? What's the difference?
We would recommend that you go for Cyber Essentials Plus. The reason is that it involves an onsite visit and testing by the Certification Body, which ensures that you have the required security controls in place. Although it costs more to achieve CE Plus certification, it is absolutely worth it. Cyber Essentials Level 1 is a straightforward exercise where you answer the questionnaire from the Certification Body, and they evaluate your answers and then perform an external scan on your IP address. If all goes well, you will pass and a certificate will be issued. In layman's terms, Cyber Essentials Level 1 is you saying you have the security controls in place, and Cyber Essentials Plus is the Certification Body testing whether what you said is right.
5. How much does the certification cost?
The certificate cost for Cyber Essentials Level 1 is around £300 + VAT. The certificate cost for Cyber Essentials Plus is around £2,200 + VAT. The costs are for certificates only. There will be an extra cost depending on your infrastructure and if you have security controls in place. If you are hiring an expert to help with this then costs will increase. In most cases, Cyber Essentials certification will cost you more than standard costs.
6. Do I need Cyber Essentials Level 1 to get Cyber Essentials Plus?
The short answer is no. You can apply for either Cyber Essentials or the Plus. Not both. Cyber Essentials Plus involves going through Level 1, where you would do the self-assessment questionnaire, then the external scan and the onsite visit by the Certification Body. You don’t need to pay for the certification twice.
7. Does the certification expire, and if so, how often do I need to renew and how much does it cost?
Yes. Certification is only valid for a year and needs to be renewed every year to keep the status. The process will be the same again, but not as tedious as the first time as long as you are keeping up with the security controls that were put in place.
8. Does it work for Macs/Linux? How is the testing carried out?
The way the testing works is that you will need to pick one build [in layman's terms, a sample] per group. For example, if you use Mac, Linux, Windows 7 or 10, etc… you will need to pick one per build and they will be tested.
9. How about if we have multiple offices or remote workers?
Any system or user that is accessing the company’s data comes within the scope of Cyber Essentials. If you are going for Cyber Essentials Plus then the assessor needs to visit all locations. There might be extra charges for expenses and extra days of work.
10. If we fail, can we try again and how much does it cost?
If you fail, you need to go through it again. The costs will be the same. However, we recommend you work with a Cyber Essentials consultant who makes sure you have the required controls in place, so that you achieve the certification without any hiccups. MELIUS are an Approved Cyber Essentials Practitioner. If your infrastructure is really poor and you are not willing to update, then chances are you will fail. In fact, why go through the exercise when you don’t want to update your systems to be more secure?
11. Why do I need a consultant? And how much do you cost/what money do you save me/value do you add?
The need for a consultant depends on how good your infrastructure is and whether you have internal resources to help. For example, if you are going for Cyber Essentials Level 1, it is a straightforward process for an IT-literate person. You need to know what controls you have in place for the company. If you don’t know or don’t have the required controls, then you will benefit from having a consultant help you. The whole exercise is to make sure you have security controls in place so that your business is not impacted by the most common cyber threats. A good consultant will keep you right. If you do have an IT department and they need an extra hand or don’t know where to start, you will also benefit from a consultant service. If you are going for Cyber Essentials Plus, we would definitely recommend bringing an approved practitioner/assessor onboard. They will save you time and hassle and make sure you have the controls in place to achieve the certification. They will also help you with the pre-audit scan. It will save you from failing the certification and going through the process again.
12. What is the benefit of having Cyber Essentials Plus?
Cyber Essentials Plus shows that you have proven security controls in place. Part of achieving Cyber Essentials Plus is an assessor from the Certification Body visiting the site and double-checking and testing that the security controls are in place. A few of the MoD contracts are now asking suppliers for Cyber Essentials Plus. Cyber Essentials Level 1 is not enough. We would always recommend going with the Plus.
13. Do I need to buy extra software to go through Cyber Essentials Plus?
You shouldn’t need to. The scanning and testing tools are provided by the hired expert or the assessor as part of the process. However, if you like the software they are using and see the benefits, you can most certainly purchase it for the company. It will help you stay on top of the security controls we discussed.