Cyber Essentials is the UK Government-backed scheme that sets out a baseline of cyber security – its adoption is mandatory for specific companies, and recommended for all organisations that want to mitigate the risk from common Internet-based threats. There are two levels of certification: Cyber Essentials and Cyber Essentials Plus, with the latter requiring a deeper assessment of the organisation’s security posture.
Furthermore, by choosing a CREST-accredited certification body, like IT Governance, you will undergo a more thorough assessment:
- Cyber Essentials – an external vulnerability scan on your networks and applications to verify that your networks meet Cyber Essentials requirements;
- Cyber Essentials Plus – an external vulnerability scan, plus an additional internal scan and on-site assessment.
What to expect from the application process
At first glance, achieving certification to the scheme might seem intricate and complex, but the application process is quite smooth with the CyberComply portal. It’s a unique online service that enables companies to apply for the scheme and be in control of the entire process, from begin to end.
How CyberComply works
When you purchase the Cyber Essentials or Cyber Essentials Plus certification service, you’ll receive login details for the CyberComply portal. Now your journey begins:
- The first thing is to define the scope: the portal provides detailed guidance on defining it and, if you need help, we offer an online consultancy service to get you past this important step;
- Take your time to complete your self-assessment questionnaire (SAQ) – you will receive instructions on completing the SAQ;
- Once completed, submit the self-assessment questionnaire for an initial review through the portal;
- IT Governance will then inform you if your SAQ meets the requirements of the scheme;
- Now you can schedule the external vulnerability scans, which are mandatory if you are using a CREST-accredited certification body, and offer an independent view of your cyber security posture;
- Once you have passed the vulnerability scans, you can submit your SAQ for final approval by IT Governance;
- Finally, subject to a positive outcome, IT Governance will issue your Cyber Essentials certificate.
- For Cyber Essentials Plus, an additional step is required which involves an onsite assessment and internal tests which can also be scheduled via CyberComply.
Get started with our packaged solutions
Depending on your resources, needs and budget, IT Governance has developed three packaged solutions to help you achieve Cyber Essentials or Cyber Essentials Plus certification at your own pace and hassle-free. Hundreds of companies have already achieved certification with IT Governance; read what they think of our certification service:
“The service IT Governance provided to us is outstanding. I have been impressed with every single aspect of the way you have assessed our infrastructure for the Cyber Essential Scheme. The service delivery has been to the highest standard and they have been flexible in our needs.”
Kit Lai – General Manager, Pearl Linguistics Ltd
“Thank you for the swift processing of our application, it is very much appreciated.”
Mark J Smith – Simon Safety & Lifting Centre Ltd