This website uses cookies. View our cookie policy
Close
United Kingdom
Select regional store:
Cyber Essentials Plus - Do It Yourself

Cyber Essentials Plus - Do It Yourself

SKU: 4500
Format: Certification (Online purchases only)
CREST

IT Governance is a CREST-accredited Cyber Essentials certification body, meaning that this service includes an external and internal vulnerability scan that independently verifies your security status.

This service will help you achieve CREST-accredited Cyber Essentials Plus certification for just £1,250. It is conducted online and includes:

  • CREST-accredited certification
  • An external vulnerability scan
  • One full day of on-site consultancy and
  • An external vulnerability scan.
Price: £1,250.00
ex vat

Description

This solution is for organisations that have knowledge of the five security controls (secure configuration, boundary firewalls, access controls, patch management and malware protection), and are comfortable carrying out all of the preparation for certification.

How the application process works

  • We send you details of how to log on to our Cyber Essentials online portal.
  • You define your scope for testing, which will either be the whole organisation’s enterprise IT or a subset.
  • You complete and submit your self-assessment questionnaire (SAQ).
  • We inform you if the SAQ meets the requirements of the Cyber Essentials scheme.
  • You schedule your on-site assessment, which will include the internal vulnerability scan.
  • You schedule your external vulnerability scan through the portal.
  • We will conduct the on-site assessment and perform the necessary internal scan on a sample of your Internet-facing devices.
  • We will provide you with the results of the internal scan and on-site assessment. If there are nonconformities, we will provide detailed feedback to help you understand how to close these gaps and achieve certification.
  • Subject to a positive outcome, we issue your Cyber Essentials Plus certificate.

If you need help defining your scope, or are unclear about any of the five Cyber Essentials control areas, we recommend that you purchase our Cyber Essentials Plus Get A Little Help package, as this includes two hours of Live Online consultancy. We will then be able to help you through the application process. Alternatively, you can buy our Live Online consultancy alongside your Cyber Essentials Plus Do It Yourself application.

 

Testing conditions

Prerequisites

The package price is based on on-site testing at one location, of one type of user account, on up to eight workstation builds and up to five mobile devices (smartphones and tablets*). The duration and the number of locations that must be included in the internal testing depend on the number of user device builds, including BYOD, that are within the scope of the certification.

*Microsoft Surface Pro Tablet is treated as a workstation.

The number of locations to be tested depends on whether all the different builds can be tested in one location. A build can be delivered to a particular site for testing purposes even if it is not normally deployed there, providing it accesses the Internet in its usual manner.

The number of builds is defined by the number of configurations of operating system and software suites installed. Examples of relevant software are listed below:

  • Oracle Java
  • Adobe Acrobat
  • Microsoft Office
  • Adobe Flash
  • Mozilla Firefox
  • Google Chrome
  • Opera
  • Microsoft Internet Explorer
  • Antivirus solution

If more than one browser or Office suite is used, each variant will need to be tested. If they are installed on the same build, this is acceptable.

 

Pre-test requirements

  • All user device builds to be tested, including mobile and BYOD, must be available for testing.
  • A local user account with username and password must be available for each user group in scope.
  • Devices must have Internet access, allow emails from our test domain and be accessible by our test web server (https://ces.itgovernance.co.uk).
  • You must provide details of a user email account per user group being assessed.
  • Workstation builds must be configured to allow an authenticated vulnerability scan that will determine patch and version numbers of installed software, and details of the account to be used.
  • Remote registry must be enabled on the workstation builds, and no global policies that block the authenticated vulnerability scan are permitted.

 

Additional conditions and expenses

The on-site assessment is subject to additional travel expenses, which will be charged in arrears.

The package includes a free vulnerability scan for up to 16 IP addresses. If you have more than 16 IP addresses, you will need to purchase additional IP packages in packs of 16. If you fail your external scan, a rescan will need to be purchased, plus any additional IP packages that you need.

View all the repeat testing and assessment fees here >>

Read our Cyber Essentials FAQ >>

 

Benefits of Cyber Essentials

The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for companies of all sizes to demonstrate that the most important cyber security controls have been implemented.

It provides five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.

Correctly implemented cyber security has the additional advantage of driving business efficiency throughout the organisation, saving money and improving productivity.

Protect your organisation from approximately 80% of cyber attacks

Implementing the five controls correctly will help protect your organisation.

Drive business efficiency

Focus on your core business objectives knowing that you are protected from the majority of cyber attacks.

Demonstrate security and help secure the supply chain

Demonstrate your commitment to protecting your own data and that of your customers and suppliers.

Work with the UK government and the MOD

Cyber Essentials will permit you to work with the UK government and Cyber Essentials Plus will give you the opportunity to work with the MOD.

Increase your chances of securing business

Boost your reputation and have a greater chance of winning contracts.

Reduce cyber insurance premiums

Cyber insurance agencies often look more favourably on organisations that have achieved Cyber Essentials certification.

 

Customer Reviews

(3# of Ratings:)
13/07/2016
3 people found this comment helpful
0 did not
Was this comment helpful?
|
ICONICS required Cyber Essentials Plus as it was a requirement for the work we do with UK Government departments. It provides validation that the security measures that we have put in place to look after our customer’s data is effective and robust. The process of certification through IT Governance was straight-forward with really helpful contacts right from initial consultation with Zak Rush through to the final certification. The process was completed quickly and very cost effectively and we had great help from Alex Drabek, our on-site auditor. The CyberComply website makes filling in and tracking the process simple. Milesh Patel, Director of Solutions, ICONICS
Showing comments 1-1 of 1
Loading...