Skip to Main Content
Manage all your compliance documentation in one place | Access, customise and collaborate whenever, wherever and however you need | Shop toolkits
Cyber Essentials Plus Internal Retest

Cyber Essentials Plus Internal Retest

SKU: 4837
Authors: ITGP
Format: Consultancy
  • Retake your Cyber Essentials Plus test.
  • Delivered by one of the founding Cyber Essentials certification bodies, which remains one of the largest in the UK.
Price: £1,250.00
ex. VAT

Retaking your internal test

Cyber Essentials Plus certification requires a test of your organisation’s in-scope internal network, with a focus on workstations and mobile devices and external-facing infrastructure such as domains, servers and routers.

If you fail your initial internal tests, then you need to purchase this retest.

The prerequisites for testing

All our Cyber Essentials Plus packages are based on on-site testing at one location, of one type of user account, on up to ten sample devices. Additional workstations, mobile devices and build types may need to be tested to meet sampling requirements of the scheme. For further information, please see our FAQs.

Net Promoter score of +68

Our Cyber Essentials services have an excellent NPS (Net Promoter Score) of +68

The number of locations to be tested depends on whether all the different builds can be tested in one location. It is permissible to arrange a build to be delivered at a particular site for testing purposes, even if it is not normally deployed there, providing it accesses the Internet in its usual manner.

The number of builds is defined by the number of configurations of operating system and the suite of software installed. Examples of relevant software are listed below:

  • Oracle Java
  • Adobe Acrobat
  • Microsoft Office
  • Adobe Flash
  • Mozilla Firefox
  • Google Chrome
  • Opera
  • Microsoft Internet Explorer
  • Antivirus solution

If more than one browser or Office suite is used, each variant will need to be tested. If they are installed on the same build, this is acceptable. The table below can be used to determine the representative sample size for each build type:

Number of devices by build type Sample of devices to be tested
1 1
2–5 2
6–19 3
20–60 4
61+ 5

Is this service for you?

The internal retest is for organisations that fail their initial Cyber Essentials Plus certification internal assessments.


Benefits of Cyber Essentials Plus certification

Work with the best

IT Governance is one of the founding Cyber Essentials certification bodies and remains one of the largest in the UK. We have issued more than 5,500 certifications worldwide and our broad range of fixed-price services has helped thousands of organisations achieve baseline cyber security.

Higher level of assurance

Cyber Essentials Plus offers a higher level of assurance. It involves a technical audit of the systems that are in scope for Cyber Essentials to verify that the Cyber Essentials controls are in place. The internal and external scans will identify critical vulnerabilities that may lead to a compromise of your infrastructure.

Work with the UK government and MOD

Cyber Essentials Plus gives you the opportunity to work with the UK government and MOD.

Be listed on the National Cyber Security Centre’s database

Cyber Essentials certificates issued in the previous 12 months are listed on the NCSC website, showing suppliers your commitment to protecting your and your customers’ data.

The NCSC (National Cyber Security Centre)

The NCSC (National Cyber Security Centre) has reviewed what influence Cyber Essentials has on cyber security attitudes and behaviours. It found:

  • 93% of certified organisations are confident that they are protected against common, Internet-based cyber attacks;
  • 61% of certified organisations say they are more likely to choose suppliers with Cyber Essentials or Cyber Essentials Plus certification; and
  • Certified organisations are more likely to implement cyber security controls beyond the scheme’s five controls, and are more aware of the risks posed by cyber attacks.

Test requirements

  • All user devices are subject to testing and will be agreed upon before the testing date, including mobile and BYOD (bring your own device), and must be available for testing.
  • All devices within the scope of testing must be user devices and cannot be built specifically for testing.
  • A local user account with username and password must be available for each user group in scope.
  • Devices must have Internet access, allow emails from our test domain and be accessible by our test web server (
  • You must provide details of a user email account per user group being assessed.
  • Workstation builds must be configured to allow an authenticated vulnerability scan that will determine patch and version numbers of installed software, and you must provide details of the user account to be used.
  • Remote registry must be enabled on the workstation builds, and no global policies that block the authenticated vulnerability scan are permitted.

Click here for repeat testing and assessment fees.


  • This product is supplementary to the Cyber Essentials Plus certification service provided by IT Governance.
  • This product cannot be purchased unless the Cyber Essentials Plus certification service is being provided by IT Governance.
  • Each retest package includes on-site testing at one location, of one type of user account, on up to ten sample devices. Additional workstations, mobile devices and build types may need to be tested to meet the sampling requirements of the scheme. If you require more than ten end-user workstations to be tested, you will need to purchase Cyber Essentials Plus Certification – Additional Device Testing. This testing can be conducted remotely in some instances.
  • If your business is located outside mainland UK, additional expenses will be charged to accommodate our consultant’s travel time and costs for the on-site assessment. These will be billed separately.

Customer Reviews

This website uses cookies. View our cookie policy
WIN £100