Cyber Essentials Plus certification requires a test of your organisation’s in-scope internal network, with a focus on workstations and mobile devices and external-facing infrastructure such as domains, servers and routers.
If you fail your initial internal tests, then you need to purchase this retest.
All our Cyber Essentials Plus packages are based on on-site testing at one location, of one type of user account, on up to ten sample devices. Additional workstations, mobile devices and build types may need to be tested to meet sampling requirements of the scheme. For further information, please see our FAQs.
Our Cyber Essentials services have an excellent NPS (Net Promoter Score) of +68
The number of locations to be tested depends on whether all the different builds can be tested in one location. It is permissible to arrange a build to be delivered at a particular site for testing purposes, even if it is not normally deployed there, providing it accesses the Internet in its usual manner.
The number of builds is defined by the number of configurations of operating system and the suite of software installed. Examples of relevant software are listed below:
If more than one browser or Office suite is used, each variant will need to be tested. If they are installed on the same build, this is acceptable. The table below can be used to determine the representative sample size for each build type:
Number of devices by build type | Sample of devices to be tested |
---|---|
1 | 1 |
2–5 | 2 |
6–19 | 3 |
20–60 | 4 |
61+ | 5 |
The internal retest is for organisations that fail their initial Cyber Essentials Plus certification internal assessments.
IT Governance is one of the founding Cyber Essentials certification bodies and remains one of the largest in the UK. We have issued more than 5,500 certifications worldwide and our broad range of fixed-price services has helped thousands of organisations achieve baseline cyber security.
Cyber Essentials Plus offers a higher level of assurance. It involves a technical audit of the systems that are in scope for Cyber Essentials to verify that the Cyber Essentials controls are in place. The internal and external scans will identify critical vulnerabilities that may lead to a compromise of your infrastructure.
Cyber Essentials Plus gives you the opportunity to work with the UK government and MOD.
Cyber Essentials certificates issued in the previous 12 months are listed on the NCSC website, showing suppliers your commitment to protecting your and your customers’ data.
The NCSC (National Cyber Security Centre) has reviewed what influence Cyber Essentials has on cyber security attitudes and behaviours. It found:
Click here for repeat testing and assessment fees.