The Cyber Essentials Scheme has changed
The CREST-accredited Cyber Essentials scheme is now closed to new entrants with effect from 1 April 2020. IT Governance is unable to accept new customers under the replacement scheme until contractual issues have been addressed. As soon as they have, we can process new Cyber Essentials certification applications. Thank you for your patience.
Please note: the information on this page applies to certification applications received before 1 April 2020 under the CREST certification scheme, and is applicable until 30 June 2020.
If you have not passed your initial assessment
If your Cyber Essentials certification application fails the external vulnerability scan or internal testing, there will be additional fees charged for any retests required. If these tests are completed within two weeks of a ‘fail’ notification, the following fees will apply.
What can you do if you do not repeat your assessment within the required two-week period?
You will have to apply for recertification and will be billed for the full recertification cost. The costs of repeat tests, assessments and recertification are outlined below.
Costs exclude any additional consultant expenses such as on-site visits to locations outside of mainland UK (England, Scotland and Wales).
If the application process is repeated within two weeks of a ‘fail’ notification
*In the event of a failed test, all IP addresses within the scope will need to be scanned again, as the tests provide a snapshot of security practices, and all IP addresses are required to pass at the same time.
Cyber Essentials Plus
If the application process is repeated after two weeks
If the application process is repeated after two weeks of a ‘fail’ notification, please contact us to discuss the options available.
Cyber Essentials/Cyber Essentials Plus
Please note: The above costs are based on a fixed scope as outlined in the product descriptions for Cyber Essentials and Cyber Essentials Plus. Any deviation from this scope will incur additional expenses and can be discussed in advance.
If your external vulnerability scans have delivered a ‘fail’ result, you can purchase repeat scans here.