Cyber Essentials packaged solutions
IT Governance’s fixed-price solutions can help you achieve certification to either Cyber Essentials or Cyber Essentials Plus at a pace and for a budget that suits you.
All Cyber Essentials certifications are managed through IT Governance’s Cyber Essentials online portal. This is a unique online service that enables companies to follow a convenient do-it-yourself approach, including managing and tracking the certification process.
The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) and an external vulnerability scan. This ensures that best practice is in place and that there are no known vulnerabilities present on the Internet-facing networks and applications.
Cyber Essentials Plus
Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification, and also includes an additional internal scan and an on-site assessment of your infrastructure, specifically focusing on workstations and mobile devices.
*All of our packages include an external vulnerability scan that covers up to 16 IP addresses.
** All of our Cyber Essentials Plus packages are based on on-site testing at one location, of one type of user account, on up to ten device builds. Additional workstations, mobile devices and build types may need to be tested to meet sampling requirements of the scheme. For further information, please see our
Please view the individual product pages for further details about specific testing requirements and conditions. All of our prices exclude VAT.
Alternatively, email us or call +44 (0)333 800 7000 for a custom quote.
Which package should you choose?
Do It Yourself
- You have reviewed
IT Governance’s scoping guide and are confident in defining the scope of your assessment encompassing the entire organisation; and
- You own and operate your entire scope of IT infrastructure; and
- You are familiar with the five key controls covered in the Cyber Essentials Questionnaire and how to meet them.
- You have previously certified and are looking to renew and your scope has not changed.
Get A Little Help
- You have a more complex or expansive IT infrastructure, which may be Cloud-based or a shared office environment; and
- You are confident you have the skills to define your scope but have some questions about what should be included; and
- You know how to configure your IT to improve security but do not fully understand the five key controls.
Get A Lot Of Help
- You are a highly complex organisation with a range of IT infrastructure; or
- You want to achieve certification for a specific site or subset of your organisation where there are dependencies on other parts of the organisation; or
- You have not previously certified and have little or no knowledge of how to define your scope or meet the five controls.
Cyber Essentials provides a basic level of cyber security; if you are interested in progressing to a more advanced stage of information security by implementing a holistic information security management system, you can discover more by reading about ISO 27001 and the Cyber Essentials scheme >>
Cyber Essentials package extras
Cyber Essentials Plus Additional Device Testing
Purchase additional device testing days for your Cyber Essentials Plus on-site assessment (where more than ten devices need to be tested).
Cyber Essentials Vulnerability Scan Additional IPs
If you have more than 16 IP addresses, you will need to expand your external vulnerability scan to account for them. These are purchased in blocks of 16 IP addresses.
Live Online consultancy is ideal for companies that are uncertain about the requirements of the scheme, which option to choose, or how to define the scope of the certification.
Cyber Essentials Plus Health Check
This bespoke on-site service is designed for larger organisations with more complicated networks and scoping needs, and will assess your current environment against the requirements of Cyber Essentials Plus.
This toolkit includes all the necessary work procedures and processes for ensuring that the controls you implement are effective.
Cyber Essentials Gap Analysis Tool
This tool enables you to identify the controls that you need to put in place in order to meet the requirements of the Cyber Essentials scheme, and monitors your progress towards compliance.
Available in multiple formats.
Cyber Essentials – A Pocket Guide
If you are completely new to the Cyber Essentials scheme, we recommend reading Cyber Essentials – A Pocket Guide. The guide is a non-technical explanation of Cyber Essentials, making it easy for anyone to understand the scheme and how to meet its requirements.
Available in multiple formats.
Package contents explained
All companies that meet the requirements of Cyber Essentials or Cyber Essentials Plus will be certified by IT Governance, which is a CREST-accredited Cyber Essentials certification body.
All of our Cyber Essential packages include an external vulnerability scan. This is an additional service that independently verifies the security status of each company that undergoes Cyber Essentials certification through us. Non-CREST-accredited certification bodies may not offer this service.
Cyber Essentials documentation toolkit (Back to table)
The Cyber Essentials documentation toolkit includes all of the necessary customisable policies and procedures to meet the Cyber Essentials requirements. The templates include guidance on correctly implementing and maintaining your cyber security controls.
If you need guidance or just peace of mind on any part of the Cyber Essentials certification process, then our Live Online consultancy is perfect for you. Our team of consultants have helped to certify hundreds of organisations and provide expert advice.
On-site consultancy is conducted by an expert cyber security practitioner. They will provide guidance on completing the self-assessment questionnaire and how to implement the five controls required by the scheme, and will help define the scope for certification.
The on-site assessment is a requirement for all companies wishing to achieve Cyber Essentials Plus. We will visit your office(s) and thoroughly check whether the solutions you have put in place comply with the control requirements.
The internal vulnerability scan is a requirement for all companies wishing to achieve Cyber Essentials Plus. It involves a scan of your in-scope internal network, with a focus on workstations and mobile devices. It aims to find out whether the Cyber Essentials controls have been properly implemented and to check that known vulnerabilities have been addressed.
Other products you might be interested in: