The Cyber Essentials Scheme

What is the Cyber Essentials scheme?

Cyber Essentials is a UK government scheme that sets out 5 basic security controls to protect organisations against around 80% of common internet cyber attacks.

The scheme’s certification process is designed to help organisations of any size demonstrate their commitment to cyber security – all while keeping the approach simple, and the costs low.

The Cyber Essentials scheme is changing as of 1 April 2020.

Why do I need Cyber Essentials?

Prevent around 80% of cyber attacks

Correctly implementing the five basic security controls will protect your organisation against the most common cyber threats.

Demonstrate security and secure your supply chain

Achieving Cyber Essentials certification will help you demonstrate your commitment to data protection and cyber security.

Win new contracts, clients and customers

Cyber Essentials certification will help boost your reputation and give you a better chance of winning new business.

Drive business efficiency

You will be able to focus on your core business objectives while knowing that you are protected from the most common cyber attacks.

Reduce cyber insurance premiums

Cyber insurance agencies look more favourably on organisations that have achieved Cyber Essentials certification.

What does Cyber Essentials cover?



Firewalls

Firewalls need to be properly set up to prevent unauthorised access to or from private networks.

Secure configuration

Computers and network devices should be configured to minimise vulnerabilities and provide only the services required.

Access control

User accounts should be assigned only to authorised individuals, managed effectively, and provide the minimum level of access.

Malware protection

Anti-malware software should be installed to protect your computers, important documents and privacy.

Patch management

Software and operating systems should be regularly updated to help fix any known weaknesses.

What’s the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials

Cyber Essentials includes an SAQ (self-assessment questionnaire) and an external vulnerability scan. 

Cyber Essentials is right for you if:

You want a base-level security certification to demonstrate that you have key controls in place.

Cyber Essentials Plus

Cyber Essentials Plus includes an additional internal scan and an on-site assessment.

Cyber Essentials Plus is right for you if:

Your employees work from remote locations, or third parties have access to your premises or IT.

Get Cyber Essentials certified with IT Governance

Our simple 5-step methodology:



Define the scope

Certification can apply to an organisation’s full enterprise IT or just to a subset. Either way, the scope needs to be clearly defined before the certification process can get underway. Our Cyber Essentials online portal guides you through this process.



The next step to certification is to complete the required SAQ, which you will do online via our portal.


On-site assessment

Organisations seeking certification to Cyber Essentials Plus will be required to go through a series of internal vulnerability tests of the system(s) in scope, as well as the SAQ and external vulnerability scan.


External scan

As a CREST-accredited certification body, we will review your SAQ to ensure it meets the Scheme’s requirements and conduct an external vulnerability scan of your Internet-facing networks and applications. This scan is used to verify that there are no obvious vulnerabilities.



Once the SAQ and scans have been successfully completed and approved, you will be asked to confirm your details and sign off your application.

Why choose IT Governance as your Cyber Essentials partner?

Certification simplified

Our unique Cyber Essentials portal allows you to complete the entire certification process online, without any expert knowledge.

One-stop shop

We provide all tools and resources needed to achieve CREST-accredited certification at both levels of the Cyber Essentials scheme.

End-to-end support

We deliver all the technical tests and assessments, conducted by our experienced, CREST-accredited testers. We do not outsource any of the services required to achieve certification.

Tailored solutions

We have six packaged solutions available to support organisations with varying levels of experience through the Cyber Essentials or Cyber Essentials Plus certification process.

Unrivalled expertise

Having led ISO 27001 implementations since the inception of the Standard, we have the knowledge and insight to help you take the next steps beyond Cyber Essentials.

We've helped hundreds of organisations like yours achieve Cyber Essentials

How certification schemes are changing in 2020

In 2020, the NCSC (National Cyber Security Centre) will implement some changes to the Cyber Essentials scheme to prepare it for the future. The current five Cyber Essentials accreditation bodies will be replaced by one. From 1 April 2020, The IASME Consortium will operate as the sole accreditation body for the scheme.

In support of this change, IT Governance will become an IASME-accredited certification body from April next year. We will continue providing the high level of cost-effective ongoing service our clients expect from us and will ensure the transition to the new arrangements is seamless. In the meantime, and in line with current arrangements supported by the NCSC, our clients will continue to be certified under CREST, and all existing and new certifications will continue to be valid and in line with current requirements.
