The Cyber Essentials Scheme

What is the Cyber Essentials scheme?

Cyber Essentials is a UK government scheme supported by the NCSC (National Cyber Security Centre) sets out five basic security controls that can protect organisations against 80% of common cyber attacks.

The scheme is designed to help organisations of any size demonstrate their commitment to cyber security – while keeping the approach simple and the costs low.

The Cyber Essentials certification process is managed by the IASME Consortium (IASME), which licenses certification bodies to carry out Cyber Essentials and Cyber Essentials Plus certifications.

Apply for Cyber Essentials certification now

IT Governance makes certification easy. View our range of affordable certification options for Cyber Essentials and Cyber Essentials Plus.

Get started

Free cyber security to healthcare providers

If your organisation operates in healthcare and supports the Covid 19 response, you may be eligible for funding from NCSC. If you are an existing customer and would like to find out if you qualify for this support, please

Why do I need Cyber Essentials? 

Prevent around 80% of cyber attacks

Correctly implementing five basic security controls will protect your organisation against the most common cyber threats.

Demonstrate supply chain security

Achieving Cyber Essentials certification will help you demonstrate your commitment to data protection and cyber security.

Win new business

Cyber Essentials certification will help boost your reputation and give you a better chance of winning new business.

Drive business efficiency

You can focus on your core business objectives knowing you are protected from the most common cyber attacks.

Reduce cyber insurance premiums

Cyber insurance agencies look more favourably on organisations that have achieved Cyber Essentials certification.

Work with the UK government & MOD

Cyber Essentials will permit you to work with the UK government and Cyber Essentials Plus will allow you to work with the MOD.

Learn more about the benefits of Cyber Essentials certification

What does Cyber Essentials cover?


Firewalls need to be correctly set up to prevent unauthorised access to your internal networks.

Learn more about firewalls

Patch management

Software and operating systems should be regularly updated to fix known vulnerabilities.

 Learn more about patch management

Malware protection

Anti-malware software should be installed to protect your computers, important data and privacy.

Learn more about malware protection

Access control

User accounts should be assigned only to authorised individuals, be managed effectively, and provide the minimum level of access.

Learn more about access controls

Secure configuration

Computers and network devices should be configured to minimise vulnerabilities and provide only the services required.

Learn more about secure configuration

What’s the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials Certification

Cyber Essentials

Cyber Essentials includes an SAQ (self-assessment


Cyber Essentials is right for you if:

You want a base-level security certification to demonstrate that you have key controls in place.

Get started

Cyber Essentials Plus Certification

Cyber Essentials Plus

Cyber Essentials Plus includes a technical audit of the systems that are in scope for Cyber Essentials. It consists of an external vulnerability assessment, an internal scan and an on-site assessment.

Cyber Essentials Plus is right for you if:

You are required to have a more in-depth audit of the key controls you have in place, your employees work from remote locations, or third parties have access to your premises or IT.

Get started

How to get Cyber Essentials certification

Our simple five-step methodology:



Define the scope

Certification can apply to an organisation’s full enterprise IT or just to a subset. Either way, the scope needs to be clearly defined before the certification process can get underway.



The next step is to complete the questionnaire. We review the completed SAQ before submission to check it meets the scheme's requirements. Successful applications are issued a Cyber Essentials certificate.


On-site assessment

Organisations seeking certification to Cyber Essentials Plus will be required to go through a technical audit, including a series of internal vulnerability scans and tests of the in-scope system(s)  and the SAQ.


External scan

An external vulnerability scan of your Internet-facing networks and applications is used to verify that there are no obvious vulnerabilities. As the tests are external, they are performed off-site.


Certification (Plus)

Once the on-site assessment, internal vulnerability scan and external vulnerability scan have been completed and approved, you will be issued your Cyber Essentials Plus certificate.

Why choose IT Governance as your Cyber Essentials partner?

  • Expertise – we’ve issued more than 5,000 certificates and we’ve been a certification body for the past six years.
  • One-stop shop - we provide all tools and resources needed to achieve certification at both levels of the Cyber Essentials scheme.
  • End-to-end support - we deliver all the technical tests and assessments, conducted by our experienced technical testers.
  • Tailored solutions - our unique fixed-price bundles provide expert support and compliance tools at affordable rates.
  • Credentials - our consultants are qualified, CREST-accredited cyber security practitioners.
  • Unrivalled expertise - we have the knowledge and insight to help you take the next steps beyond Cyber Essentials.

Get started

We've helped thousands of organisations like yours achieve Cyber Essentials

This website uses cookies. View our cookie policy
WIN £100