Cyber Essentials Plus Case Study

(Anonymised client)

The challenge

Our client wanted to renew its Cyber Essentials Plus certification and increase customer confidence by demonstrating that its cyber security measures were appropriate for the risks it faced.

The solution

Cyber Essentials Plus certification

The benefit

Cyber Essentials Plus certification provides independently audited proof that organisations maintain a level of information security recommended by the NCSC (National Cyber Security Centre).

Testimonial

“It has been a pleasure working with the team at GRC/ITG for another year to run through our Cyber Essentials and CE Plus. We have committed to the constant improvement needed to ensure that as we grow, we also mature our stance with cyber security. 

“As any brand knows, the larger you get the more of a target you are, but over the last couple of years we've also heard about substantially smaller companies getting hit with attacks. Our rapid growth needed everything to be scalable and to ensure everything was in place to ensure we didn't hit any bottlenecks on any platforms. 

“Working with GRC/ITG ensures that all the hard work the team are doing to implement the right policies, controls and monitoring are working well for us and we aren't missing anything needed to ensure we run as safely and securely as possible. Brands take on a responsibility for data in many forms, customer and staff are just a part of this. The value in having all the hard work checked and agreed with is worth every penny. 

“We also work with GRC/ITG to run penetration tests against our websites which forms part of our deployment plans. We believe this is essential to ensure we are doing everything we can to protect our customer data as much as possible, on top of ensuring maximum uptime for our web assets. 

“Cyber Security can be daunting and having someone "check your homework" naturally makes you anxious, but working with the team at GRC/ITG for yet another year was a genuine pleasure and allowed the team to celebrate another year of awesome quality work.”

Anonymous IT Director

Background

About our client

Our client, which wishes to remain anonymous, is a leading UK-based operator in the indoor leisure and attractions sector, specialising in high-adrenaline experiences for both individuals and groups.

With more than 40 venues across the UK and Europe, the organisation welcomes well over 1 million visitors annually. Our client has used our services since 2021.

About IT Governance Ltd, a GRC Solutions company

IT Governance is one of the founding Cyber Essentials certification bodies and remains one of the UK’s largest, having issued more than 9,000 certificates to date.

We offer end-to-end support – including documentation, scanning and assessments – with same-day turnaround, one-to-one guidance as standard, and a customer success rate of 98%. Backed by qualified cyber security practitioners and a ‘World-Class’ NPS of +100, we provide unrivalled expertise to help you achieve certification and take the next steps beyond.

About the Cyber Essentials scheme

Cyber Essentials is a UK government-backed certification scheme that helps organisations protect themselves from around 80% of common cyber threats. It mandates five basic security controls and certification is available at two levels: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials certification is widely recognised as a minimum standard for cyber security assurance and is often required in public-sector procurement contracts.

The scheme is managed by IASME (the IASME Consortium), which licenses certification bodies – such as IT Governance Ltd – to carry out Cyber Essentials and Cyber Essentials Plus certifications.

Cyber Essentials certificates last 12 months and are listed on the IASME website, demonstrating certified organisations’ commitment to protecting their and their customers’ data.

According to the NCSC:

  • 92% fewer insurance claims are made by organisations with the Cyber Essentials controls in place
  • 89% of organisations would recommend certifying to other organisations like theirs
  • 88% believe Cyber Essentials has improved their understanding of cyber security risks
  • 69% of those with Cyber Essentials believe that it has increased their market competitiveness

The process

Cyber Essentials Plus certification requires organisations to undergo a series of internal and external vulnerability tests.

The internal scan checks patch levels and system configurations, while the security and anti-malware test ensures that the organisation’s systems are resistant to malicious email attachments and web-downloadable binaries.

The following internal tests are required for Cyber Essentials Plus:

  • Inbound email binaries and payloads.
  • Browser malicious and non-malicious file download test.
  • Authenticated vulnerability and patch verification scan.
  • Account separation, to confirm standard users do not have administrative privileges.
  • Multi-factor authentication check.

The external scan also checks patch levels and system configurations, but for the public-facing infrastructure. The following external tests are required for Cyber Essentials Plus:

  • Unauthenticated vulnerability and patch verification scan.

We provided daily vulnerability scan reports using Qualys, enabling the client to track and address any issues in near real time. Alongside these reports, we supplied clear remediation guidance and supporting documentation to help the client prioritise and implement fixes efficiently.

The client already had a strong technical foundation in place, using a suite of well-configured security tools:

  • SentinelOne antivirus for advanced endpoint protection
  • Proofpoint for email security
  • Keeper Security as a password manager
  • Ubiquiti Cloud Console to manage firewall policies and configurations
  • Microsoft 365 to enforce MFA and SSO organisation-wide

These technologies, coupled with the client’s adherence to Cyber Essentials best practices, made the compliance process exceptionally smooth. Its proactive approach to patch and vulnerability management, antivirus configuration, firewall rules, multi-factor authentication, password policy and user access controls aligned closely with the scheme’s requirements.

Daily Qualys reports enabled the client to supplement its SentinelOne monitoring, identifying any residual vulnerabilities not detected by the endpoint platform – including those with lower risk scores. Any high or critical issues were resolved rapidly, thanks to effective collaboration between our team and the client’s in-house IT staff.

Our engagement reflected IT Governance’s core values:

  • Solving real business problems
  • Delivering measurable results
  • Exceeding expectations through open and honest communication

The outcome

The client passed its Cyber Essentials Plus audit within just two days, demonstrating not only its technical preparedness but also its ongoing commitment to security by design. Its use of robust, well-integrated technologies – supported by a consistent patching schedule and sound configuration practices – enabled it to maintain a strong security posture and respond swiftly to any emerging risks.

The solution

Self-certification

Standard Cyber Essentials Plus certification package.

From £2,055 + VAT

  • Cyber Essentials certificate 
  • Cyber Essentials Plus certificate 
  • Cyber insurance of up to £25,000¹
  • Pre-engagement consultation 
  • External vulnerability scan 
  • Additional retest 
  • On-site/remote assessment 
  • Remediation support 
  • Direct communication with a technical assessor 

Get a Little Help

Full support through the certification process with expert guidance. 

From £2,355 + VAT 

  • Cyber Essentials certificate 
  • Cyber Essentials Plus certificate 
  • Cyber insurance of up to £25,000¹
  • Pre-engagement consultation 
  • External vulnerability scan 
  • Additional retest 
  • On-site/remote assessment 
  • Remediation support 
  • 2 hours consultancy included 

Get a Lot of Help

Comprehensive support for complex organisations.

From £3,055 + VAT 

  • Cyber Essentials certificate 
  • Cyber Essentials Plus certificate 
  • Cyber insurance of up to £25,000¹ 
  • Pre-engagement consultation 
  • External vulnerability scan 
  • Additional retest 
  • On-site/remote assessment 
  • Remediation support 
  • 1 day consultancy included 

Why choose IT Governance, a GRC Solutions company?

IT Governance was a founding Cyber Essentials certification body and remains one of the largest in the UK, issuing more than 9,000 certificates.

Our Cyber Essentials services have received a ‘World-Class’ NPS (Net Promoter Score) of +100.

With a large team focused on Cyber Essentials, we offer same-day turnaround on your certificates.

We have a 98% customer success rate.

We offer everything you need to get Cyber Essentials certification, such as documentation, scanning, and assessments.

One-to-one support is included as standard in all our packages.

End-to-end support – we deliver all the technical tests and assessments, conducted by our experienced technical testers.

Tailored solutions – our unique fixed-price bundles provide expert support and compliance tools at affordable rates.

Credentials – our consultants are qualified cyber security practitioners.

Unrivalled expertise – we have the knowledge and insight to help you take the next steps beyond Cyber Essentials.

¹Free cyber insurance is available to UK organisations with a turnover of less than £20 million. Includes a 24-hour helpline to report a cyber incident, with a total liability limit of £25,000. Terms and conditions apply.
