This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here

United Kingdom

Select your regional store:


Cyber Essentials – helping you keep your business secure

Who is the Cyber Essentials scheme applicable to?

  • Organisations that use systems connected to the Internet.

  • Organisations that use Internet-connected end-user devices (such as computers, mobile phones, printers, tablets, servers and laptops).


There are two levels of certification
Assessment methodology for the two certification levels:



  • A verified self-assessment questionnaire

  • An external vulnerability scan of Internet-facing networks and applications to verify that there are no known vulnerabilities present

  • This extra scan provides an independently verified view of the organisation's security posture



  • All the assessments for the previous level plus an additional internal scan and on-site assessment to test the following:

  • the security and anti-malware configuration of each device type

  • patch levels and system configuration

  • whether the organisation's systems are resistant to malicious email attachments and web-downloadable binaries


Already know which package you are looking for?



With CE certification you are able to:

  • Protect your business by preventing up to 80% of cyber threats;

  • Increase your resistance to cyber attacks;

  • Demonstrate to clients, insurers, investors or any other interested parties that you have taken the necessary and essential precautions to reduce cyber risks;

  • Bid for specific UK Government contracts that involve the handling of personal and sensitive information.


Cyber Essentials provides a basic level of cyber security; if you are interested in moving to a more advanced stage of information security by implementing a holistic information security management system, you can discover more by reading about ISO 27001 and the Cyber Essentials scheme.


Five key controls required for both levels of the scheme:

Secure configuration


Boundary firewalls and Internet gateways


Access controls and administrative privilege management


Patch management


Malware protection



How much does Cyber Essentials certification cost?

Costs mainly depend on the level of the scheme you are applying for and the package you need from your certification body – in this case, IT Governance is your certification body.

If you opt to use our online service, CyberComply (instead of the manual option – where we input the details for you), you will save £100. Information about our CyberComply portal is situated further down the page.

We have developed three packages tailored to suit your needs when applying for either level of Cyber Essentials certification. The cost of each package depends on the level your organisation is seeking to achieve:


Do It Yourself (DIY)

Choose this option if you are comfortable carrying out the necessary preparations yourself, in accordance with the Cyber Essentials scheme’s requirements. With this option, you can submit the questionnaire and undertake the assessments once you are ready for certification.

Package includes:

  • Includes the review of your self-assessment questionnaire (SAQ), the required vulnerability scans and the certification service.

  • CE Plus also includes the external and internal vulnerability scans, on-site assessment and the certification service.

  • Online certification.




Get A Little Help

We recommend this option for organisations that are confident they have the skills to reach Cyber Essentials certification, but need a little guidance to point them in the right direction.

Package includes:

  • Cyber Essentials Foundation online course – help understanding the five key controls and what is required of the Cyber Essentials scheme.

  • Cyber Essentials Toolkit – after completing the Foundation course, you will be ready to create the necessary policies and procedures to meet the Cyber Essentials requirements. The toolkit offers guidance and pre-written templates.

  • Live Online consultancy – if you need guidance or just peace of mind, help is available from our expert, CREST-accredited team.




Get A Lot Of Help

This option is an all-inclusive package for large organisations with complex organisational structures, or organisations that have no prior experience implementing an information security management system.

Package includes:

  • A full-day on-site consultancy service with an expert cyber security practitioner, providing:
    • Guidance on completing the self-assessment questionnaire

    • How to implement the five controls required by the scheme

    • Help defining the scope for Cyber Essentials certification

  • We also help you to understand the requirements of the scheme, identify weaknesses and implement the necessary corrective measures. From this you will be able to:
    • Submit your questionnaire to IT Governance for review

    • Schedule the required scans

    • Be completely prepared for the different types of assessments

    • Apply for Cyber Essentials certification successfully the first time




Why choose IT Governance for CE certification?

IT Governance is a CREST-accredited certification body. We are proud to have awarded certification to companies including Action for Children, Vodafone, and Airbus Defence and Space Ltd.

  • You can conduct the entire certification process online, without any expert cyber security knowledge.

  • We provide all of the tools and resources needed to achieve CREST-accredited certification at both levels of the Cyber Essentials scheme.

  • We deliver all of the technical tests and assessments, conducted by our experienced, CREST-accredited testers.

  • By choosing a CREST-accredited certification body like IT Governance, you will benefit from the added level of independent verification of your cyber security status provided by an external vulnerability scan. Non-CREST-accredited certification bodies issue certificates purely on the submission of a self-assessment questionnaire, without assessing the status of the client’s networks and applications.


Use our CyberComply service and save £100!

You could save £100 by choosing our online submission option. When you purchase any Cyber Essentials certification package, you will be directed to our online CyberComply secure portal, where you’ll be able to apply for the certification online, in addition to receiving guidance throughout the application process.

Or, for an additional £100 on top of your chosen package, our staff will be able to administer your organisation’s application for you.

If you are interested in saving £100, and would like to more information regarding the online service before you purchase, check out our CyberComply information page.


Completely new to Cyber Essentials?

Begin your journey towards certification today – use our very own pocket guide to give you a basic understanding of the Cyber Essentials scheme. Pick up your pocket guide today.


The Cyber Essentials scheme continued

The Cyber Essentials scheme is a key deliverable of the UK’s National Cyber Security Programme. Realising that the controls in its 2012 guide, 10 Steps to Cyber Security, were not being implemented effectively, the government instigated a call for evidence on a preferred cyber security standard. In November 2013, it concluded that no individual standard met its specific requirements, so it developed the Cyber Essentials scheme.

  • Cyber Essentials delivers the basic controls that all organisations should implement to mitigate the risk from common Internet-based threats.

  • The scheme provides a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken essential precautions to secure against the majority of cyber risks.

  • A recent report by the government, UK cyber security: the role of insurance in managing and mitigating the risk, revealed plans to include Cyber Essentials certification in insurers’ risk assessments for SMEs.

  • Cyber Essentials enables companies to successfully tender for government contracts. View the UK Government’s procurement policy notice here.

The scheme is backed by major industry players including BAE Systems, Lockheed Martin, Barclays and Hewlett-Packard. The Information Commissioner has stated that he “supports the Cyber Essentials Scheme and encourages all businesses to be assessed against it”.

The Cyber Essentials scheme is increasingly popular within the private sector; more than 1,000 organisations have adopted the scheme to date. Insurance firms have recognised that Cyber Essentials certification is a valuable indicator of a mature approach to cyber security and, according to a government report, Cyber Essentials certification can also contribute to the reduction of risk.


How do I know if I need Cyber Essentials certification?

If you are unsure whether the Cyber Essentials scheme applies to your organisation and would like to determine your next steps, you can download the Cyber Essentials questionnaire to find out whether you meet the requirements of the scheme.


Click here to find out which organisations IT Governance has certified >>

live chat support software