United Kingdom

Select your regional store:

Shopping Cart (0)


Cyber Essentials Plus - Do It Yourself

Cyber Essentials Plus - Do It Yourself

This package provides everything you need to achieve CREST-accredited Cyber Essentials Plus certification. It includes the review of your self-assessment questionnaire (SAQ), the external and internal vulnerability scans, on-site assessment and the certification service.

Don’t risk it – cyber secure it.

Use this package to achieve certification, win new business, improve your cyber defences and gain recognised cyber security credentials.

A £100 additional administration fee will be incurred for all transactions processed by any other means other than via the website (online payment).

Price: £1,250.00 (GBP)

This service has been designed for you to take total control of your Cyber Essentials Plus project. Using our online portal, this is the fastest and most effective route to achieving Cyber Essentials Plus certification.

Organisations wishing to obtain certification to Cyber Essentials Plus can do so without first being certified to Cyber Essentials.

Conduct most of your Cyber Essentials Plus certification process online, efficiently, and at a pace that suits you.

“The service IT Governance provided to us is outstanding. I have been impressed with every single aspect of the way you have assessed our infrastructure for the Cyber Essential Scheme. The service delivery has been to the highest standard and they have been flexible in our needs."

Kit Lai – General Manager, Pearl Linguistics Ltd


Manage your entire application process online:

  1. You will receive details to log into our online CyberComply portal. Here, you can complete your self-assessment questionnaire (SAQ).
  2. Once completed, submit your SAQ for review through the portal.
  3. You can then schedule the required external vulnerability scans and on-site assessment with our CREST-accredited testing team.
  4. You will receive interim feedback on the SAQ and external scans prior to the on-site assessment.
  5. IT Governance will conduct the on-site assessment and perform the necessary internal scans on a sample of your Internet-facing devices.
  6. We will provide you with the results of internal scans and on-site audit. If there are nonconformities, we will provide detailed feedback to help you understand how to close these gaps and achieve certification.
  7. If you meet all of the scheme’s requirements, we will issue your Cyber Essentials Plus certificate.

Get certification and competitive advantage with Cyber Essentials Plus

This DIY package will not only let you achieve Cyber Essentials Plus certification, you will also get independently verified vulnerability scans by CREST, demonstrating the security of your systems and networks to your customers. Dramatically improve your cyber security, prevent around 80% of attacks and stand out from the crowd with Cyber Essentials Plus certification.

Prevent around 80% of cyber attacks; take the Do It Yourself route to Cyber Essentials Plus certification today.

Important: Please read the testing conditions

View important details about prerequisites for testing here »

The above price is based on on-site testing at one location of one type of user account on up to eight workstation builds and up to five mobile devices (smartphones, tablets*), and with 16 or fewer external IP addresses. Price includes SAQ review, external scans and certification service - Client site visits are subject to travel expenses. Expenses will be assessed and charged in arrears. (Tests for additional IP addresses can be purchased here)

* Microsoft Surface Tablet Pro is treated as a workstation.

The duration and number of locations that must be included in the internal testing are dependent on the number of builds of user devices, including BYOD, that are within the scope of the certification.

The number of locations to be tested depends on whether all the different builds can be tested in one location. It is permissible to arrange a build to be delivered at a particular site for testing purposes, even if it is not normally deployed there, providing it accesses the Internet in its usual manner.

The number of builds is defined by the number of configurations of operating system and the suite of software installed. Examples of relevant software are listed below.

  • Oracle Java
  • Adobe Acrobat
  • Microsoft Office
  • Adobe Flash
  • Mozilla Firefox
  • Google Chrome
  • Opera
  • Microsoft Internet Explorer
  • Anti-virus solution

If more than one browser or Office suite is used, then each variant needs testing. If they are installed on the same build, then this is acceptable.


Pre-test requirements

  • All user device builds to be tested, including mobile and BYOD, must be available for testing.
  • Local user accounts with username and password must be available for each user group in scope.
  • Internet access from the devices being tested must allow the receipt of emails from our test domain and be accessible by our test web server (https://cybercomply.co.uk).
  • Details of a user e-mail account per user group being assessed.
  • Workstation builds must be configured to allow an authenticated vulnerability scan that will determine patch and version numbers of installed software, and details of the account to be used.
  • Remote registry must be enabled on the workstation builds, and no global policies that block the authenticated vulnerability scan are permitted.
  • Click here for repeat testing and assessment fees >>
  • Read our Cyber Essentials FAQs here.

Please contact us at servicecentre@itgovernance.co.uk or call us on +44 (0)845 070 1750 for further details and clarification about the requirements.



Client site visits, where required, are subject to travel expenses. Expenses will be assessed and charged in arrears.


Compare our Cyber Essentials and Cyber Essentials Plus packaged solutions >>


Format: Certification (Online purchases only)
Customer Reviews
# of Ratings: 2
1. on 21/01/2016, said:
I am a big fan of Cyber Essentials: as a government-backed and industry-supported scheme it allows us to demonstrate to stakeholders that we have essential IT security controls in place. I am proud of the Action for Children IT team for achieving the ‘Plus’ level of certification for two years running. Action for Children have found the certification robust, worthwhile and cost effective. I would encourage all organisations to consider Cyber Essentials, especially those providing services to public sector bodies.
Was this comment helpful? yes no
(0 people found this comment helpful, 0 did not)
2. on 21/01/2016, said:
Security is at the heart of everything we do, we take cyber security very seriously – the data centre is our business and security is part of that foundation. Achieving Cyber Essentials Plus will add great value: sharing the knowledge is one of our core values and our security accreditations allow us to live this value safely and effectively whilst enabling our customers to do the same. This fits well with our other certificates like ISO/IEC 27001:2013 and ISO/IEC 22301:2012. This gives our customers absolute piece of mind that their data is in the safest hands and ensures that our team are kept upskilled and informed.
Was this comment helpful? yes no
(0 people found this comment helpful, 0 did not)
Showing comments 1-2 of 2