Cyber Essentials Plus for healthcare


The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for organisations to help demonstrate that the most basic cyber security measures are in place. Certification can be achieved at two levels, Cyber Essentials and Cyber Essentials Plus.

The Cyber Essentials scheme is changing as of 1 April 2020.

Download our free guide

Recent reviews have recommended Cyber Essentials Plus as the minimum standard for healthcare providers and partners to demonstrate that they have implemented the most basic cyber security controls. For more information about the Cyber Essentials scheme and how it can help you guard against the most common cyber threats, download the free guide.


What are the five key Cyber Essentials security controls?



Firewalls

Firewalls need to be properly set up to prevent unauthorised access to or from private networks.


Secure configuration

Computers and network devices should be configured to minimise vulnerabilities and provide only the services required.


Access control

User accounts should be assigned only to authorised individuals, managed effectively, and provide the minimum level of access.


Malware protection

Anti-malware software should be installed to protect your computers, important documents and privacy.


Patch management

Software and operating systems should be regularly updated to help fix any known weaknesses.


Vulnerability scans

In addition to a self-assessment of the five security controls and an external vulnerability scan, Cyber Essentials Plus includes an internal network vulnerability scan and an on-site assessment to thoroughly check whether the solutions you have put in place comply with the control requirements.

The National Cyber Security Centre (NCSC), National Data Guardian Review and Smart review highlight the need for all organisations to achieve Cyber Essentials Plus certification by 2021.

“Recommendation 1: All NHS organisations are to develop local action plans to achieve compliance with the Cyber Essentials Plus standard by June 2021, as recommended by the NCSC.” 

 - William Smart, Chief Information Officer for Health and Social Care, Lessons learned review of the WannaCry Ransomware Cyber Attack

Cyber Essentials Plus and compliance standards

The Data Security and Protection (DSP) Toolkit has now replaced the Information Governance (IG) Toolkit as the compliance standard for all organisations looking to connect to NHS networks.

Cyber Essentials Plus certification satisfies multiple conditions of the DSP Toolkit. Achieving certification will prepopulate many of the compliance statements within the online portal, reducing the time and cost needed to demonstrate compliance.


The supply chain

Cyber Essentials is as crucial to healthcare industry partners as it is to healthcare providers. Cyber criminals will exploit any vulnerability in the supply chain to gain access to information networks, resulting in unmitigated access to patient records and valuable healthcare data.

Cyber Essentials Plus can minimise the risk of a data breach and demonstrate that your organisation prioritises cyber security, helping you to secure NHS contracts.

NHS industry partners will be required to comply with the DSP Toolkit from April 2018. Cyber Essentials Plus can help speed up the connectivity and supply process by fulfilling and prepopulating compliance statements within the DSP Toolkit portal.

More information on the DSP Toolkit for healthcare industry partners is available from our healthcare experts.

Benefits of Cyber Essentials Plus

Protect your organisation from approximately 80% of cyber attacks

Implementing the five controls correctly will help protect your organisation.

Work with the UK government & MoD

Cyber Essentials will permit you to work with the UK government and Cyber Essentials Plus will give you the opportunity to work with the MoD.

Drive business efficiency

Focus on your core business objectives knowing that you are protected from the majority of cyber attacks.

Reduce cyber insurance premiums

Cyber insurance agencies often look more favourably on organisations that have achieved Cyber Essentials certification.

Increase your chances of securing business

Boost your reputation and have a greater chance of winning contracts.

Demonstrate organisational security

Demonstrate your commitment to protecting your own data and that of your customers and suppliers within the supply chain.

Why choose IT Governance for Cyber Essentials certification?

IT Governance is the leading CREST-accredited certification body and has awarded hundreds of certifications, with many more companies achieving certification every day. Our Cyber Essentials clients include NHS Professional, Health Management Ltd and the Professional Standards Authority for Health and Social Care.
