Skip to Main Content
Save 25% on selected auditor training courses. Find out more
Cyber Essentials Plus Certification Upgrade

Cyber Essentials Plus Certification Upgrade

SKU: 5570
Format: Annual Subscription

Purchase this upgrade if you want to achieve Cyber Essentials Plus and have already achieved Cyber Essentials certification within the previous three months. Includes a free retest (conditions apply).

  • Fixed-priced package suitable for organisations of all sizes, at a competitive price*.
  • Fast track appointments available.
  • Work with IT Governance, one of the founding Cyber Essentials certification bodies that remains one of the largest in the UK, with experience issuing certifications worldwide.
  • Includes a pre-test call to help you prepare for your assessment.

You will need to submit a copy of your Cyber Essentials certificate and passing report to confirm the assessment scope and ensure there is sufficient time within the three-month window to complete your Cyber Essentials Plus certification.

Please note, this is an annual subscription service with automatic renewal. Cyber Essentials Plus certificates are valid for 12 months, in line with the Cyber Essentials scheme requirements. You can cancel at any time. (T&Cs apply.)

Price: £1,735.00
ex. VAT

Cyber Essentials Plus Certification Upgrade

Bolster your existing Cyber Essentials certificate by achieving Cyber Essentials Plus certification with this upgrade package.

This service is for organisations that do not need one-to-one consultancy support and are comfortable conducting all the preparations for certification themselves. If you need additional support you can purchase our Cyber Essentials Remote Consultancy Support | IT Governance UK.

What’s included?

  • A Cyber Essentials Plus certificate, delivered by our ‘world-class’ rated team.
  • A remotely delivered internal assessment and internal vulnerability scans, for up to ten sample devices*.
  • An external vulnerability scan, for up to 20 IP addresses*.
  • A pre-test consultation call, to help you prepare for your assessment and improve your chances of passing Cyber Essentials Plus first time.
  • One free retest**.

Is this service right for you?

This service is designed for:

  • Organisations that have obtained Cyber Essentials certification within the last three months and now wish to achieve Cyber Essentials Plus certification.
  • Organisations with a high degree of knowledge of all five security controls and who are capable of independently completing all the preparations for testing.

If you haven’t recently achieved Cyber Essentials certification, you should purchase our Cyber Essentials and Cyber Essentials Plus Certification package.

See what our customers think about this service

“Brilliant service from the team who were completely supportive of someone like me who runs a microbusiness and is hopeless with technical stuff. I am so grateful fo the handholding and advice you gave me.”

- Caroline


“Thanks for all your support, team – really appreciate your assistance in getting us through this in such a short space of time. Couldn’t recommend a better group of folk to work with!”

- Rowan Troy, Six Degrees Technology Group Limited


“Amazing Service, very friendly throughout and willing to help you every step through the process.”

- Ian


“IT Governance were very helpful and really focussed on what was needed to get the certification and have a more secure setup as part of the process (we did not just get assurance, we improved our assurance process).”

- Karl Axnick, Alscient Ltd


“Terry and Dan were extremely helpful, knowledgeable, and provide quick and effective answers to any query I raised.”

- Anonymous


Benefits of Cyber Essentials Plus certification

Protect your organisation

Have a clear picture of your organisation’s cyber security level.

Secure more business

Attract new business with the assurance that you have cyber security measures in place.

Work with the UK government and MOD

Some Government contracts require Cyber Essentials certification.

Demonstrate organisational security

Reassure customers that you take cyber security seriously and are working to secure your IT against cyber-attack.

Be listed on the IASME Directory of organisations awarded Cyber Essentials

Cyber Essentials certificates issued in the previous 12 months will be displayed, showing suppliers your commitment to protecting your and your customers’ data.



Cyber Essentials Plus involves a technical audit of the systems that are in scope for Cyber Essentials. This includes a representative set of workstations, mobile devices, servers and build types used by the organisation.

*Our Cyber Essentials Plus packages include a Cyber Essentials Plus audit at one location, for up to ten sample devices. Additional workstations, mobile devices, server devices and build types may need to be tested to meet the sampling requirements of the scheme. If you require more than ten devices to be tested, you will need to purchase Cyber Essentials Plus Certification – Additional Device Testing.

*The package includes an external vulnerability scan for up to 20 IP addresses. If you have more than 20 IP addresses, you will also need to purchase sufficient additional IP packages.

The duration of testing depends on the number of builds of user devices (including BYOD (bring your own device)) that are within the scope of certification.

This technical audit is usually conducted remotely. You can request that testing is undertaken at your business location, however, additional expenses will be charged to accommodate our consultant’s travel time and costs.

For on-site audits, the number of locations to be assessed depends on whether all the different builds can be tested in one location. One location refers to one physical office/site, or all devices/machines selected for testing being on the same network.

**If you fail any of the Cyber Essentials Plus testing performed as part of the overall engagement, we will provide you with details of further tests required. This package includes one free retest. If after this, a pass cannot be awarded and additional tests are required, you would need to purchase Cyber Essentials Plus Internal Retest.

The Cyber Essentials Plus final report and certificate must be complete within 30 days the audit date. Any remediation work and retesting must be completed with sufficient time for our QA and generation of the report and certificate within this time limit.

If your Cyber Essentials Plus application is unsuccessful, your Cyber Essentials certification may be revoked.

If your Cyber Essentials Plus application is not fully complete within three months from the date of your Cyber Essentials certificate, you will need to repeat your Cyber Essentials certification at full cost, before any further attempt to achieve Cyber Essentials Plus.

For more details on testing requirements and conditions, including information about what is covered in the free retest and when additional retest fees may apply, please refer to our Cyber Essentials FAQs and Terms for buying goods and services

Test requirements

  • All devices are subject to testing and those included must be agreed upon before the testing date. These include end-user devices (workstations, laptops and mobile devices), internal and external-facing servers, hypervisors, thin clients, BYOD, and other build types used by the organisation.
  • Devices chosen for testing must be available on the agreed date and during the engagement.
  • All devices within the scope of testing must be devices in use on a day-to-day basis and cannot be built specifically for testing. The same applies for user accounts tested on these devices.
  • Devices must have Internet access and allow email downloads and browser downloads tests for standard user accounts on end-user devices.
  • All end-user computer devices will be tested for account separation and must only be on a standard user account and must not have local admin privileges to be awarded a Pass.
  • Cloud services within the scope of Cyber Essentials will be tested for MFA or SSO if supported by the service provider.
  • An external vulnerability scan is required for all external-facing assets within the scope of Cyber Essentials, (e.g. external-facing servers, firewalls, routers, IaaS (Infrastructure as a Service) Cloud, websites) hosted or managed by the organisation.
  • An internal vulnerability scan will be conducted for each sample device within the scope of Cyber Essentials, including end-user devices (workstations and laptops), servers, hypervisors, thin clients, BYOD, and other build types used by the organisation.
  • Internal vulnerability scans will be conducted using Qualys Cloud agents. If you require an alternative method, please discuss this with us at the time of your booking.
    • Qualys Cloud agents: The agents must be installed on the sample set of devices selected for the assessment after the pre-engagement call.

Customer Reviews

(4.88)stars out of 5
Number of reviews: 8
1. on 20/06/2024, said:
5 stars out of 5
Great service, super assessor made the whole process nice and easy
2. on 18/11/2022, said:
5 stars out of 5
The team at IT Governance were fantastic at helping us deliver on this project. It was a renewal with an upgrade to plus, and the assessor made it a very enjoyable experience.
3. on 06/10/2022, said:
5 stars out of 5
Assessor was great! Easy process. Only issue was the terms in the CE assessment
4. on 28/03/2022, said:
5 stars out of 5
Yannick was brilliant, going beyond
5. on 22/03/2021, said:
5 stars out of 5
The Team from IT Governance were fantastic to deal with and helped ensure our journey to achieving Cyber Essentials Plus at the first attempt was a painless journey. From our initial enquiries with Yvette to the eventual assessment by the team, we received timely responses to any queries we great advice along the way. We now have far more confidence in the process and will continue to use IT Governance for support in the years to come as we renew our certifications.
6. on 04/11/2020, said:
5 stars out of 5
Very friendly and knowledgeable team, made the process as straight forward as it can be, Thank you :)
7. on 22/09/2020, said:
5 stars out of 5
The team at IT governance are very knowledgeable and great to work with. We have done many assessments with the IT governance team and all been completed smoothly and within time, even with the current COVID situation. Great work guys!
8. on 22/09/2020, said:
4 stars out of 5
Some teething issues with respect to scope and recieving notifications but George (our auditor) was excellent and attended to all our needs to ensure the whole process went smoothly. He explained the process and when we needed to contact him he made every effort to detail what needed to be done. All in all a great credit to IT Governance!
Showing comments 1-8 of 8
SAVE 25%