What is the Cyber Essentials scheme?
Cyber Essentials is a UK government scheme supported by the NCSC (National Cyber Security Centre) that sets out five basic security controls to protect organisations against around 80% of common cyber attacks.
The scheme’s certification process is managed by the IASME (Consortium which licences certification bodies to carry out Cyber Essentials certifications.
Cyber Essentials is designed to help organisations of any size demonstrate their commitment to cyber security – all while keeping the approach simple, and the costs low.
Apply for Cyber Essentials certification now
Pass your certification first-time with IT Governance.
View our range of affordable certification options for Cyber Essentials and Cyber Essentials Plus
Why do I need Cyber Essentials?
Prevent around 80% of cyber attacks
Correctly implementing five basic security controls will protect your organisation against the most common cyber threats.
Demonstrate supply chain security
Achieving Cyber Essentials certification will help you demonstrate your commitment to data protection and cyber security.
Win new business
Cyber Essentials certification will help boost your reputation and give you a better chance of winning new business.
Drive business efficiency
You can focus on your core business objectives while knowing that you are protected from the most common cyber attacks.
Reduce cyber insurance premiums
Cyber insurance agencies look more favourably on organisations that have achieved Cyber Essentials certification.
Work with the UK government & MoD
Cyber Essentials will permit you to work with the UK government and Cyber Essentials Plus will allow you to work with the MoD.
Learn more about the benefits of Cyber Essentials certification
Get Cyber Essentials certified with IT Governance
Our simple five-step methodology:
Define the scope
Certification can apply to an organisation’s full enterprise IT or just to a subset. Either way, the scope needs to be clearly defined before the certification process can get underway. Our Cyber Essentials online portal guides you through this process.
The next step to certification is to complete the required SAQ.
Organisations seeking certification to Cyber Essentials Plus will be required to go through a series of external vulnerability scans, internal vulnerability tests of the system(s) in scope, and the SAQ.
As a CREST-accredited certification body, we will review your SAQ to ensure it meets the scheme’s requirements, and conduct an external vulnerability scan of your Internet-facing networks and applications. This scan is used to verify that there are no obvious vulnerabilities.
Once the SAQ and scans have been successfully completed and approved, you will be asked to confirm your details and sign off your application.