What is the Cyber Essentials scheme?
The Cyber Essentials scheme is a UK government-backed framework supported by the NCSC (National Cyber Security Centre). It sets out five basic security controls that can protect organisations against 80% of common cyber attacks.
The scheme is designed to help organisations of any size demonstrate their commitment to cyber security – while keeping the approach simple and the costs low.
The Cyber Essentials certification process is managed by the IASME Consortium (IASME), which licenses certification bodies to carry out Cyber Essentials and Cyber Essentials Plus certifications.
IT Governance makes certification easy. View our range of affordable certification options for Cyber Essentials and Cyber Essentials Plus.
Why do I need Cyber Essentials?
Prevent around 80% of cyber attacks
By correctly implementing the five basic security controls, the Cyber Essentials scheme will help you reduce the impact of such threats as:
- Phishing attacks
- Password-guessing attacks
- Network attacks
Demonstrate supply chain security
Achieving Cyber Essentials certification will help you demonstrate your commitment to data protection and cyber security.
Win new business
Boost your reputation and attract new business by assuring customers you take cyber security seriously and have cyber security measures in place.
Work with the UK government and MOD
Cyber Essentials will permit you to work with the UK government and Cyber Essentials Plus will allow you to work with the MOD.
Be listed on the NCSC’s database
Cyber Essentials certificates issued in the previous 12 months will be displayed on the NCSC website, showing suppliers your commitment to protecting your own and your customers’ data.
The NCSC (National Cyber Security Centre) has reviewed what influence Cyber Essentials has on cyber security attitudes and behaviours. It found:
- 93% of certified organisations are confident that they are protected against common, Internet-based cyber attacks;
- 61% of certified organisations say they are more likely to choose suppliers with Cyber Essentials or Cyber Essentials Plus certification; and
- Certified organisations are more likely to implement cyber security controls beyond the scheme’s five controls, and are more aware of the risks posed by cyber attacks.
How to achieve Cyber Essentials certification
Our simple five-step methodology:
Define the scope
Certification can apply to an organisation’s full enterprise IT or just to a subset. Either way, the scope needs to be clearly defined before the certification process can get underway.
The next step is to complete the self-assessment questionnaire (SAQ). We review the completed SAQ before submission to check that it meets the scheme’s requirements. Successful applicants are issued a Cyber Essentials certificate.
Organisations seeking certification to Cyber Essentials Plus will be required to go through a technical audit, including a series of internal vulnerability scans and tests of the in-scope system(s) and the SAQ.
An external vulnerability scan of your Internet-facing networks and applications is used to verify that there are no obvious vulnerabilities. As the tests are external, they are performed off-site.
Once the on-site assessment, internal vulnerability scan and external vulnerability scan have been completed and approved, you will be issued your Cyber Essentials Plus certificate.