This website uses cookies. View our cookie policy
United Kingdom
Select regional store:
Cyber Essentials Plus - Do It Yourself

Cyber Essentials Plus - Do It Yourself

SKU: 4500
Format: Certification (Online purchases only)

This package provides everything you need to achieve CREST-accredited Cyber Essentials Plus certification. It includes the review of your self-assessment questionnaire (SAQ), the external and internal vulnerability scans, on-site assessment and the certification service.

Don’t risk it – cyber secure it.

Use this package to achieve certification, win new business, improve your cyber defences and gain recognised cyber security credentials.

A £100 additional administration fee will be incurred for all transactions processed by any other means other than via the website (online payment).

Price: £1,250.00
ex vat


This service has been designed for you to take total control of your Cyber Essentials Plus project. Using our online portal, this is the fastest and most effective route to achieving Cyber Essentials Plus certification.

Organisations wishing to obtain certification to Cyber Essentials Plus can do so without first being certified to Cyber Essentials.

Conduct most of your Cyber Essentials Plus certification process online, efficiently, and at a pace that suits you.


Manage your entire application process online:

  1. You will receive details to log into our online Cyber Essentials portal. Here, you can complete your self-assessment questionnaire (SAQ).
  2. Once completed, submit your SAQ for review through the portal.
  3. You can then schedule the required external vulnerability scans and on-site assessment with our CREST-accredited testing team.
  4. You will receive interim feedback on the SAQ and external scans prior to the on-site assessment.
  5. IT Governance will conduct the on-site assessment and perform the necessary internal scans on a sample of your Internet-facing devices.
  6. We will provide you with the results of internal scans and on-site audit. If there are nonconformities, we will provide detailed feedback to help you understand how to close these gaps and achieve certification.
  7. If you meet all of the scheme’s requirements, we will issue your Cyber Essentials Plus certificate.

Get certification and competitive advantage with Cyber Essentials Plus

This DIY package will not only let you achieve Cyber Essentials Plus certification, you will also get independently verified vulnerability scans by CREST, demonstrating the security of your systems and networks to your customers. Dramatically improve your cyber security, prevent around 80% of attacks and stand out from the crowd with Cyber Essentials Plus certification.

Prevent around 80% of cyber attacks; take the Do It Yourself route to Cyber Essentials Plus certification today.

Important: Please read the testing conditions

View important details about prerequisites for testing here »

The above price is based on on-site testing at one location of one type of user account on up to eight workstation builds and up to five mobile devices (smartphones, tablets*), and with 16 or fewer external IP addresses. Price includes SAQ review, external scans and certification service - Client site visits are subject to travel expenses. Expenses will be assessed and charged in arrears. (Tests for additional IP addresses can be purchased here)

* Microsoft Surface Tablet Pro is treated as a workstation.

The duration and number of locations that must be included in the internal testing are dependent on the number of builds of user devices, including BYOD, that are within the scope of the certification.

The number of locations to be tested depends on whether all the different builds can be tested in one location. It is permissible to arrange a build to be delivered at a particular site for testing purposes, even if it is not normally deployed there, providing it accesses the Internet in its usual manner.

The number of builds is defined by the number of configurations of operating system and the suite of software installed. Examples of relevant software are listed below.

  • Oracle Java
  • Adobe Acrobat
  • Microsoft Office
  • Adobe Flash
  • Mozilla Firefox
  • Google Chrome
  • Opera
  • Microsoft Internet Explorer
  • Anti-virus solution

If more than one browser or Office suite is used, then each variant needs testing. If they are installed on the same build, then this is acceptable.


Pre-test requirements

  • All user device builds to be tested, including mobile and BYOD, must be available for testing.
  • Local user accounts with username and password must be available for each user group in scope.
  • Internet access from the devices being tested must allow the receipt of emails from our test domain and be accessible by our test web server (
  • Details of a user e-mail account per user group being assessed.
  • Workstation builds must be configured to allow an authenticated vulnerability scan that will determine patch and version numbers of installed software, and details of the account to be used.
  • Remote registry must be enabled on the workstation builds, and no global policies that block the authenticated vulnerability scan are permitted.
  • Click here for repeat testing and assessment fees >>
  • Read our Cyber Essentials FAQs here.

Please contact us at or call us on +44 (0)845 070 1750 for further details and clarification about the requirements.



Client site visits, where required, are subject to travel expenses. Expenses will be assessed and charged in arrears.


Compare our Cyber Essentials and Cyber Essentials Plus packaged solutions >>


Customer Reviews

(3# of Ratings:)
3 people found this comment helpful
0 did not
Was this comment helpful?
ICONICS required Cyber Essentials Plus as it was a requirement for the work we do with UK Government departments. It provides validation that the security measures that we have put in place to look after our customer’s data is effective and robust. The process of certification through IT Governance was straight-forward with really helpful contacts right from initial consultation with Zak Rush through to the final certification. The process was completed quickly and very cost effectively and we had great help from Alex Drabek, our on-site auditor. The CyberComply website makes filling in and tracking the process simple. Milesh Patel, Director of Solutions, ICONICS
Showing comments 1-1 of 1