Skip to Main Content
Cyber Security as a Service could be your new secret weapon against cyber criminals. Find out more
Cyber Essentials Plus Certification

Cyber Essentials Plus Certification

SKU: 5570
Format: Certification (Manual)
Availability: Available

This service is for organisations that have recently achieved Cyber Essentials certification and now want to achieve Cyber Essentials Plus certification. If you haven’t yet achieved Cyber Essentials certification, you should purchase our Cyber Essentials and Cyber Essentials Plus Certification package.

The Cyber Essentials Plus Certification package includes:

  • A Cyber Essentials Plus certificate and report;
  • An on-site or remote assessment and internal vulnerability scans; and
  • An external vulnerability scan.

This package auto-renews in line with our terms and conditions.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on 44 1474 556685.

Price: £1,450.00
ex. VAT
Description

Cyber Essentials Plus Certification

This service will help you achieve Cyber Essentials Plus certification.

You will need to complete the Cyber Essentials Plus audit within three months of achieving Cyber Essentials certification. Before applying, you must confirm you hold a valid Cyber Essentials certificate achieved through an IASME Consortium Ltd (IASME)-licensed certification body.

This service is for organisations that have a high degree of knowledge of all five security controls and are comfortable carrying out all the preparations for certification.


What’s included?

  • Your Cyber Essentials Plus certificate and report.
  • An on-site/remote internal assessment and internal vulnerability scans.
  • External vulnerability scan.

How the application process works:

  • Once we have confirmation your Cyber Essentials certification meets the required criteria, we schedule your on-site/remote assessment/technical audit.
  • We conduct the internal assessment and perform the internal scan on a sample of your Internet-facing devices, and then provide the results. If there are nonconformities, we will also provide feedback to help you understand how to achieve certification.
  • We schedule your external vulnerability scan.
  • Subject to a positive outcome, you receive your Cyber Essentials Plus certificate and report.

This service is right for you if:

  • You achieved Cyber Essentials certification through an IASME-licensed certification body within the past three months; and
  • Your organisation has a high degree of knowledge of all five security controls and is comfortable carrying out all the preparations for testing and certification.

If you need additional support with your Cyber Essentials Plus certification, you can purchase remote consultancy support by the hour. This service is delivered via email, telephone or Microsoft Teams by one of our cyber security experts.

Benefits

Benefits of Cyber Essentials Plus certification

Higher level of assurance

Cyber Essentials Plus offers a higher level of assurance. It involves a technical audit of the systems that are in scope for Cyber Essentials to verify that the Cyber Essentials controls are in place.

The internal and external scans will identify critical vulnerabilities that may lead to a compromise of your infrastructure.

Work with the UK government and MOD

Cyber Essentials Plus will give you the opportunity to work with the UK government and MOD.

Conditions

Conditions

Cyber Essentials Plus involves a technical audit of the systems that are in scope for Cyber Essentials. This includes a representative set of workstations, mobile devices and build types used by the organisation’s end users to complete their day-to-day duties. The number of builds is defined by the number of configurations of operating systems and software suites installed. If more than one browser or Office suite is used, each variant will need to be tested. If they are installed on the same build, this is acceptable.

  • This package includes on-site testing at one location, of one type of user account, on up to ten sample devices. Additional workstations, mobile devices and build types may need to be tested to meet the sampling requirements of the scheme. If you require more than ten end-user workstations to be tested, you will need to purchase Cyber Essentials Plus Certification – Additional Device Testing. This testing can be conducted remotely in some instances.
  • If you fail any of the Cyber Essentials Plus testing performed as part of the overall engagement, we will provide you with details of further tests required. Any retest should be completed within one month of the original assessment. These tests will be billed separately.
  • The package includes a vulnerability scan for up to 16 IP addresses. If you have more than 16 IP addresses, you will need to purchase additional IP packages in packs of 16. If you fail your external scan, a rescan will need to be purchased, plus any additional IP packages that you need to cover only the failing IP addresses if completed with 14 days of the first passing element.
  • If your business is located outside mainland UK, additional expenses will be charged to accommodate our consultant’s travel time and costs for the on-site assessment. These will be billed separately.
  • If your Cyber Essentials Plus application is unsuccessful, your Cyber Essentials certification may be revoked.

Pre-test requirements

  • All user devices are subject to testing and will be agreed upon before the testing date, including mobile and BYOD (bring your own device), and must be available for testing.
  • All devices within the scope of testing must be user devices and cannot be built specifically for testing.
  • A local user account with username and password must be available for each user group in scope.
  • Devices must have Internet access, allow emails from our test domain and be accessible by our test web server (https://ces.itgovernance.co.uk).
  • You must provide details of a user email account per user group being assessed.
  • Workstation builds must be configured to allow an authenticated vulnerability scan that will determine patch and version numbers of installed software, and you must provide details of the user account to be used.
  • Remote registry must be enabled on the workstation builds, and no global policies that block the authenticated vulnerability scan are permitted.

Customer Reviews

(4.75)stars out of 5
# of Ratings: 4
1. on 22/03/2021, said:
5 stars out of 5
The Team from IT Governance were fantastic to deal with and helped ensure our journey to achieving Cyber Essentials Plus at the first attempt was a painless journey. From our initial enquiries with Yvette to the eventual assessment by the team, we received timely responses to any queries we great advice along the way. We now have far more confidence in the process and will continue to use IT Governance for support in the years to come as we renew our certifications.
2. on 04/11/2020, said:
5 stars out of 5
Very friendly and knowledgeable team, made the process as straight forward as it can be, Thank you :)
3. on 22/09/2020, said:
5 stars out of 5
The team at IT governance are very knowledgeable and great to work with. We have done many assessments with the IT governance team and all been completed smoothly and within time, even with the current COVID situation. Great work guys!
4. on 22/09/2020, said:
4 stars out of 5
Some teething issues with respect to scope and recieving notifications but George (our auditor) was excellent and attended to all our needs to ensure the whole process went smoothly. He explained the process and when we needed to contact him he made every effort to detail what needed to be done. All in all a great credit to IT Governance!
Showing comments 1-4 of 4
This website uses cookies. View our cookie policy
WIN £100
Loading...