Skip to Main Content
United Kingdom
Select regional store:
Limited time offer! Get free access to 8 e-learning courses when you purchase any training course – hurry, offer ends 31 October!
Cyber Essentials Plus - Do It Yourself

Cyber Essentials Plus - Do It Yourself

SKU: 4500
Format: Certification (Online purchases only)

IT Governance is a CREST-accredited Cyber Essentials certification body, so this service includes an external and internal vulnerability scan that independently verifies your security status.

This service will help you achieve CREST-accredited Cyber Essentials Plus certification. It is conducted online and includes:

  • CREST-accredited certification;
  • An external vulnerability scan;
  • An on-site assessment; and
  • An internal vulnerability scan.

This package contains a subscription product that auto-renews in line with our T&Cs

Pay by purchase order | Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on +44 (0)333 800 7000.

Win a free place on our Cyber Security Foundation training course! Simply purchase or renew your Cyber Essentials or Cyber Essentials Plus certification and you’ll be entered into the competition. (T&Cs apply)

Price: £1,550.00
ex vat
Description

In 2020, the NCSC (National Cyber Security Centre) will implement some changes to the Cyber Essentials scheme to prepare it for the future. The current five Cyber Essentials accreditation bodies will be replaced by one. From 1 April 2020, The IASME Consortium will operate as the sole accreditation body for the scheme.

In support of this change, IT Governance will become an IASME-accredited certification body from April next year. We will continue providing the high level of cost-effective ongoing service our clients expect from us and will ensure the transition to the new arrangements is seamless. In the meantime, and in line with current arrangements supported by the NCSC, our clients will continue to be certified under CREST, and all existing and new certifications will continue to be valid and in line with current requirements.


The Do It Yourself package

With this service you can conduct the entire certification process using our secure portal – a user-friendly, no-fuss solution to applying for Cyber Essentials Plus certification. This unique online service enables companies to apply for Cyber Essentials Plus certification following a convenient ‘do it yourself’ approach.

This service is for organisations that have knowledge of all five security controls (secure configuration, boundary firewalls, access controls, patch management and malware protection), and are comfortable carrying out all the preparations for certification.


How the service works

  • We send you details of how to log on to our Cyber Essentials online portal.
  • You define your scope for testing using guidance in the portal.
  •  You complete and submit your SAQ (self-assessment questionnaire).
  • We inform you if the SAQ meets the requirements of the Cyber Essentials scheme.
  • You schedule your on-site assessment, which will include the internal vulnerability scan.
  • You schedule your external vulnerability scan through the portal.
  • We will conduct the on-site assessment and perform the necessary internal scan on a sample of your Internet-facing devices.
  • We will provide you with the results of the internal scan and on-site assessment. If there are nonconformities, we will provide detailed feedback to help you understand how to close these gaps and achieve certification.
  • Subject to a positive outcome, we issue your Cyber Essentials Plus certificate.

Is this service right for you?

  • You are confident in defining the scope of your assessment encompassing the entire organisation; 
  • You own and operate your entire scope of IT infrastructure; 
  • You are familiar with the five key controls covered in the Cyber Essentials questionnaire and how to meet them; or
  • You have previously certified and are looking to renew and your scope has not changed.

If you need help defining your scope, or are unclear about any of the five Cyber Essentials control areas, we recommend that you purchase our Cyber Essentials - Get A Little Help package, as this includes two hours of Live Online consultancy.

We will then be able to help you through the application process. Alternatively, you can buy our Cyber Essentials Live Online Consultancy alongside Cyber Essentials Plus - Do It Yourself.


Take the extra step to strengthen your security with Phishing Staff Awareness training

Phishing Staff Awareness

Human error is one of the leading causes of data breaches. Failing to train your staff on the dos and don’ts of cyber security could be disastrous. Data breaches not only result in financial losses and penalties but can also damage your reputation as consumers lose faith in your brand. Train your staff and take the extra step to boost your security with a phishing staff awareness course.

Empower and educate your staff on the right steps to take to keep your organisation and data secure. Achieving Cyber Essentials certification and implementing phishing staff awareness training will strengthen your defences, further secure your organisation and help to mitigate your risk of attack.

Find out more about the phishing staff awareness course >>

Benefits

Demonstrate security and help secure the supply chain

The Information Commissioner’s Office (ICO), whose job it is to uphold the EU GDPR in the UK, recommends Cyber Essentials as ‘A good starting point’ for the cyber security of the IT you rely on to hold and process personal data.

Increase your chances of securing
business

If you would like to bid for central government contracts that involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials certification. 

Reduce cyber insurance
premiums

Cyber insurance agencies look more favourably on organisations that have achieved Cyber Essentials certification. 

Conditions
  • This package includes on-site testing at one location, of one type of user account, on up to ten device builds. Additional workstations, mobile devices and build types may need to be tested to meet the sampling requirements of the scheme. If you require additional devices to be tested, you will need to purchase Cyber Essentials Plus Additional Device Testing.
  • The package includes a free vulnerability scan for up to 16 IP addresses. If you have more than 16 IP addresses, you will need to purchase additional IP packages in packs of 16. If you fail your external scan, a rescan will need to be purchased, plus any additional IP packages that you need.
  • If your business is located outside mainland UK (England, Scotland and Wales), additional expenses will be charged to accommodate our consultant’s travel for the on-site assessment.
  • For non-web purchases there is an additional £100 manual processing fee.

Pre-test requirements

  • All user device builds to be tested, including mobile and BYOD (bring your own device), must be available for testing.
  • A local user account with username and password must be available for each user group in scope.
  • Devices must have Internet access, allow emails from our test domain and be accessible by our test web server (https://ces.itgovernance.co.uk).
  • You must provide details of a user email account per user group being assessed.
  • Workstation builds must be configured to allow an authenticated vulnerability scan that will determine patch and version numbers of installed software, and details of the account to be used.
  • Remote registry must be enabled on the workstation builds, and no global policies that block the authenticated vulnerability scan are permitted.

Customer Reviews

(5.00)stars out of 5
# of Ratings: 3
1. on 13/07/2016, said:
5 stars out of 5
ICONICS required Cyber Essentials Plus as it was a requirement for the work we do with UK Government departments. It provides validation that the security measures that we have put in place to look after our customer’s data is effective and robust. The process of certification through IT Governance was straight-forward with really helpful contacts right from initial consultation with Zak Rush through to the final certification. The process was completed quickly and very cost effectively and we had great help from Alex Drabek, our on-site auditor. The CyberComply website makes filling in and tracking the process simple. Milesh Patel, Director of Solutions, ICONICS
Showing comments 1-1 of 1
This website uses cookies. View our cookie policy
Free e-learning
Loading...