Embarking on certification to ISO 27001 and Cyber Essentials

According to, the Cyber Essentials scheme aims to entrench cyber security in an organisation’s approach to information risk management. It also aims to help smaller businesses uncover risks that they may not otherwise be aware of.

“Cyber Essentials is complementary to the good work and value across several existing standards and frameworks. The Scheme gives testable guidance on five areas of basic technical controls. When implemented, it will help organisations protect themselves from online cyber threats.” – Richard Bach, Assistant Director – Cyber Security, Department for Business, Innovation and Skills.

Similarities and differences

What is it?

Cyber Essentials: The Cyber Essentials scheme identifies five fundamental technical security controls that an organisation needs to have in place to help defend against Internet-borne threats, and provides a mechanism to demonstrate that these precautions have been taken.

ISO 27001: The ISO/IEC 27000 set of standards has been developed to help keep information assets secure. They help your organisation manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known of these standards, detailing requirements for an ISMS (information security management system).

What does it protect?

Cyber Essentials: Data and programs on networks, computers, servers and other elements of an IT infrastructure.

ISO 27001: Information, regardless of where it is found (e.g. digital media, paper, information systems).

Who can it help?

Cyber Essentials: A cost-effective assurance mechanism for organisations of all sizes.

ISO 27001: Organisations of any size and in any sector that need to keep information assets secure.


The Cyber Essentials programme has only five controls: secure configuration, firewalls, access controls, malware protection and patch management. ISO 27001 has 10 clauses and 114 generic security controls grouped into 14 sections (called “Annex A”).

Implementation and certification

Cyber Essentials: Cyber Essentials is a prerequisite for all suppliers bidding for UK government contracts that involve the handling of sensitive and/or personal information.

ISO 27001: Some organisations choose to implement the Standard to benefit from the best practice it contains. Others achieve certification to reassure customers and clients that the Standard’s recommendations have been followed.

Optimal approach to implementation

If you are new to the world of ISO 27001, certifying to both the Standard and Cyber Essentials at the same time is more resource- and time-effective. IT Governance can help you achieve this with an integrated approach. However, depending on your current resources, time commitment and budget, you may wish to start with certification to Cyber Essentials. This will give you an introduction to the world of certification and information security.

When you are ready to take the next step of implementing a robust ISMS, you will be well positioned to continue to ISO 27001 certification.

Secure your organisation with Cyber Essentials

With IT Governance, you can complete the entire certification process quickly and easily using our online portal for as little as £300.

Speak to an expert

Please contact our team for advice and guidance on our Cyber Essentials solutions.