Demonstrate Cyber Security Strength With Cyber Essentials Plus

Cyber Essentials Plus is a great first step towards making your systems more secure. The certifications are supported by the National Cyber Security Centre (NCSC), recommended by the Information Commissioner’s Office (ICO) and accredited through IASME, the NCSC Cyber Essentials Partner.

The Cyber Essentials Plus certification helps you demonstrate that the most important cybersecurity controls have been implemented within your organisation. This is a great selling point to clients, from SMEs to FTSE 100 companies or public sector suppliers, where certifications are a prerequisite.

Get In Touch
Cyber Security Strength

Key Drivers for Cyber Essentials Plus

CyberOne has been delivering peace of mind to our clients through supporting clients towards Cyber Essentials Plus certifications, since its launch in 2014.

Our packages are flexible, allowing us to deliver quickly and painlessly to your precise needs. We include both an internal and external vulnerability scan and a detailed report as standard, to demonstrate the final Cyber Essentials Plus requirements have been met.

CyberOne performs the internal and external vulnerability scanning to support clients in meeting the IASME Cyber Essentials controls.

Formalise Your Security

Gain a clear picture of your current security level and ensure processes are suitably documented. The Cyber Essentials process raises the profile of cybersecurity within your business and makes you more cyber alert.

Peace of Mind

Cyber Essentials Plus gives you confidence that you have the correct security controls in place and the knowledge that you’re effectively addressing the cybersecurity risks that could lead to the loss of confidential data.

Independent Assessment

Cyber Essentials Plus includes an independent assessment of the 5 security controls. Clients do not have to take your word that you’re cyber secure – they can rely on the expertise of professionals.

Automatic Cyber Insurance

All organisations with a head office domiciled in the UK and a turnover of less than £20 Million gain cyber insurance automatically if they achieve Cyber Essentials Plus certification for their whole organisation.

Set Yourself Apart

Cyber Essentials Plus is a great selling point and differentiator for your business. No matter whether a client is an SME or a FTSE 100 company, they want to know you take security seriously. Being Cyber Essentials certified allows you to bid on UK Government contracts that involve the handling of confidential data.

What Does the Cyber Essentials Certification Cover?

Cyber Essentials is the basic level accreditation within the Cyber Essentials scheme and is suitable where your business requires an entry-level security certification to demonstrate that they have the recommended controls in place.

This self-assessment consists of 70 questions split into 8 sections, covering 5 key technical controls:

attack-surface-reduction

Firewalls

Firewalls determine who has permission to access your system and prevents those without permission from accessing your networks. A good set-up will help to keep external threats from gaining access to your systems.

Secure Configuration

Secure Configuration

Computers and network devices should be configured to provide only the services required, minimising the number of vulnerabilities. This will help to prevent unauthorised actions and minimise the information accessible to internet sites.

User Access Control

User Access Control

Access to your data and services should be kept to a minimum to prevent hackers from having open access. Accounts with access privileges should only be assigned to authorised individuals, provide only the necessary access, and be reviewed regularly.

Quick Identification

Malware Protection

Your business should be protected against malicious software that could gain access to files, steal information, damage data or prevent access until a fee is paid. Having malware protection and virus removal software will help to protect information.

Patch Management

Patch Management

Cyber attackers often target well known technical vulnerabilities. Proper patch management should ensure that vulnerabilities in systems are patched and updated as soon as they are identified.

What Does the Cyber Essentials Plus Certification Cover?

Cyber Essentials Plus is more advanced and particularly suitable where your organisation has employees working remotely or who have third parties with access to IT systems.

This certification includes the same questionnaire, but we carry out an additional internal scan and on-site assessment. This includes the assessor testing a random sample of company systems, devices, and servers for their security.

Our assessment provides you with a full report highlighting findings and improvements that need to be made before the certification is awarded.

Internal Assessment

Internal Assessment

CyberOne scan your internal network to dynamically discover and categorise assets, perform credentialed scanning, and find critical vulnerabilities, so you can reduce the likelihood of an attack. We initiate the scan through remote access to an admin account.

External Assessment

External Assessment

We identify vulnerabilities caused by actors outside your network, with recommended actions for medium or higher vulnerabilities.

Device Testing

Device Test

We check operating system, antivirus, endpoint and browser versions and last scan dates on each sample device.

Browser Testing

Browser Testing

We download suspicious sample files that simulates malware and check they are blocked.

Email Testing

Email Testing

We send test emails to an inbox to check the possible network paths an email will follow.

Why Choose Cyberone for Cyber Essentials Plus Certification?

01

Unrivalled Expertise

CyberOne have been supporting businesses with Cyber Essentials ever since the certifications were launched in 2014.

02

First-Time Pass

Our experts work closely with you to ensure your answers align to Cyber Essentials Plus before the assessment. We identify any areas of concern, with guidance to resolve and implement relevant changes that are required to ensure you pass first time.

03

We Make Certification Easy

We’re highly responsive from your very first enquiry and will work at your desired pace.

04

Easy to Use Web Portal

Our portal guides you through the Cyber Essentials self-assessment with jargon-free questions.

05

No Stone Unturned

Our Cyber Essentials Plus project includes an external vulnerability scan and a detailed report of our findings as standard, so you can rest assured the full requirements have been met.

06

Custom Packages

You only pay for what you need, thanks to our packages of tiered service and support.

Jellyfish

Proven. Certified. Trusted.

CyberOne holds globally respected accreditations, including CREST for SOC, Pen Testing and Cyber Incident Response; NCSC Assured Service Provider and Cyber Incident Response (Level 2); and ISO 27001.  CyberOne is also a Microsoft Solutions Partner across Security, Modern Work, Infrastructure, and Data & AI,  with advanced specialisations in Threat Protection and Cloud Security. These credentials reflect our world-class capability to protect, optimise, and empower your organisation.

NCSC Assured Service Provider
NCSC Cyber Incident Response (Level 2)
CREST Accredited
ISO27001
Microsoft Security
Microsoft Modern Work
Microsoft Infrastructure Azure
Microsoft Data & AI

Get In Touch

Learn more about how Cyber Essentials Plus with CyberOne can help prevent 80% of cyber-attacks on your business.

Just fill in the form and our team will reach out to you.

Discuss Your Cyber Security Needs

Learn more about how our award-winning cybersecurity services could benefit your business.

Get in Touch
Discuss Your Cyber Security Needs

Frequently Asked Questions

What Does Cyber Essentials Plus Include?

Cyber Essentials Plus includes a comprehensive assessment that covers a range of security controls, including firewall configuration, secure device management, access control, patch management, and malware protection. Unlike the basic Cyber Essentials certification, Cyber Essentials Plus goes further by involving an independent verification process conducted by certified assessors.

What Are the Benefits of Obtaining Cyber Essentials Plus Certification?

Cyber Essentials Plus provides several benefits including enhanced cybersecurity posture, reduced risk of cyberattacks, improved customer trust, compliance with cybersecurity regulations, and eligibility for certain government contracts.

How Often Does an Organisation Need to Renew Its Cyber Essentials Plus Certification?

Cyber Essentials Plus is valid for one year. To maintain the certification, organisations need to undergo the assessment process annually and demonstrate continued adherence to cybersecurity best practices.

Is Cyber Essentials Plus Certification Mandatory for All Businesses?

Cyber Essentials Plus is not mandatory for all businesses, but it may be required by certain clients or contracts, especially those involving government entities.

Is Cyber Essentials Plus Suitable for Small Businesses, or Is It Geared Towards Larger Organisations?

Cyber Essentials Plus is designed to benefit organisations of all sizes. The certification helps small businesses establish a strong foundation of cybersecurity best practices and demonstrates their commitment to safeguarding sensitive data and digital assets. Cyber Essentials Plus is a versatile certification that can be tailored to meet the unique needs and resources of businesses, regardless of their size.

Are There Any Industry-Specific Requirements or Adaptations for Cyber Essentials Plus Certification?

Cyber Essentials Plus follows a standardised framework for assessing essential cybersecurity practices. While the core principles remain consistent, organisations operating in industries with specific regulatory obligations or risk profiles may need to make industry-specific adaptations. This could involve aligning the certification with sector-specific cybersecurity standards and regulations, tailoring assessment scopes to address unique concerns, or emphasising certain security measures.