This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

Cyber Essentials packaged solutions


IT Governance’s fixed-price solutions can help you achieve certification to either Cyber Essentials or Cyber Essentials Plus at a pace and for a budget that suits you.

All Cyber Essentials certifications are managed through IT Governance’s Cyber Essentials online portal. This is a unique online service that enables companies to follow a convenient do-it-yourself approach, including managing and tracking the certification process.


Cyber Essentials

The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) and an external vulnerability scan. This ensures that best practice is in place and that there are no known vulnerabilities present on the Internet-facing networks and applications.


Do It Yourself Get A Little Help Get A Lot Of Help

CREST certification

External vulnerability scan*

Documentation toolkit


Live online consultancy (2 hrs)



On-site consultancy (1 day)



On-site assessment**




Internal vulnerability scan








  Buy Buy Buy


Cyber Essentials Plus

Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification, and also includes an additional internal scan and an on-site assessment of your infrastructure, specifically focusing on workstations and mobile devices.


Do It Yourself + Get A Little Help + Get A Lot Of Help +

CREST certification

External vulnerability scan*

Documentation toolkit


Live online consultancy (2 hrs)



On-site consultancy (1 day)



On-site assessment**

Internal vulnerability scan





  Buy Buy Buy

*All of our packages include an external vulnerability scan that covers up to 16 IP addresses.

** All of our Cyber Essentials Plus packages are based on on-site testing at one location, of one type of user account, on up to ten device builds. Additional workstations, mobile devices and build types may need to be tested to meet sampling requirements of the scheme. For further information, please see our FAQ section.

Please view the individual product pages for further details about specific testing requirements and conditions. All of our prices exclude VAT.

Alternatively, email us or call +44 (0)333 800 7000 for a custom quote.


Which package should you choose?

Do It Yourself

  • You have reviewed IT Governance’s scoping guide and are confident in defining the scope of your assessment encompassing the entire organisation; and
  • You own and operate your entire scope of IT infrastructure; and
  • You are familiar with the five key controls covered in the Cyber Essentials Questionnaire and how to meet them.


  • You have previously certified and are looking to renew and your scope has not changed.


Get A Little Help

  • You have a more complex or expansive IT infrastructure, which may be Cloud-based or a shared office environment; and
  • You are confident you have the skills to define your scope but have some questions about what should be included; and
  • You know how to configure your IT to improve security but do not fully understand the five key controls.


Get A Lot Of Help

  • You are a highly complex organisation with a range of IT infrastructure; or
  • You want to achieve certification for a specific site or subset of your organisation where there are dependencies on other parts of the organisation; or
  • You have not previously certified and have little or no knowledge of how to define your scope or meet the five controls.



Cyber Essentials provides a basic level of cyber security; if you are interested in progressing to a more advanced stage of information security by implementing a holistic information security management system, you can discover more by reading about ISO 27001 and the Cyber Essentials scheme >>


Cyber Essentials package extras

Cyber Essentials Plus Additional Device Testing

Purchase additional device testing days for your Cyber Essentials Plus on-site assessment (where more than ten devices need to be tested).

£1,095 ex VAT

Cyber Essentials Vulnerability Scan Additional IPs

If you have more than 16 IP addresses, you will need to expand your external vulnerability scan to account for them. These are purchased in blocks of 16 IP addresses.

£100 Per block

LiveOnline Consultancy

Live Online consultancy is ideal for companies that are uncertain about the requirements of the scheme, which option to choose, or how to define the scope of the certification.

£150 Per hour

Cyber Essentials Plus Health Check

This bespoke on-site service is designed for larger organisations with more complicated networks and scoping needs, and will assess your current environment against the requirements of Cyber Essentials Plus.

Price on application

Documentation Toolkit

This toolkit includes all the necessary work procedures and processes for ensuring that the controls you implement are effective.


Cyber Essentials Gap Analysis Tool

This tool enables you to identify the controls that you need to put in place in order to meet the requirements of the Cyber Essentials scheme, and monitors your progress towards compliance.

Available in multiple formats.


Cyber Essentials – A Pocket Guide

If you are completely new to the Cyber Essentials scheme, we recommend reading Cyber Essentials – A Pocket Guide. The guide is a non-technical explanation of Cyber Essentials, making it easy for anyone to understand the scheme and how to meet its requirements.

Available in multiple formats.


Package contents explained

CREST Certification (Back to table)

All companies that meet the requirements of Cyber Essentials or Cyber Essentials Plus will be certified by IT Governance, which is a CREST-accredited Cyber Essentials certification body.


External vulnerability scan (Back to table)

All of our Cyber Essential packages include an external vulnerability scan. This is an additional service that independently verifies the security status of each company that undergoes Cyber Essentials certification through us. Non-CREST-accredited certification bodies may not offer this service.

Cyber Essentials documentation toolkit (Back to table)

The Cyber Essentials documentation toolkit includes all of the necessary customisable policies and procedures to meet the Cyber Essentials requirements. The templates include guidance on correctly implementing and maintaining your cyber security controls.


Live Online consultancy (Back to table)

If you need guidance or just peace of mind on any part of the Cyber Essentials certification process, then our Live Online consultancy is perfect for you. Our team of consultants have helped to certify hundreds of organisations and provide expert advice.


On-site consultancy (Back to table)

On-site consultancy is conducted by an expert cyber security practitioner. They will provide guidance on completing the self-assessment questionnaire and how to implement the five controls required by the scheme, and will help define the scope for certification.


On-site assessment (Back to table)

The on-site assessment is a requirement for all companies wishing to achieve Cyber Essentials Plus. We will visit your office(s) and thoroughly check whether the solutions you have put in place comply with the control requirements.


Internal vulnerability scan (Back to table)

The internal vulnerability scan is a requirement for all companies wishing to achieve Cyber Essentials Plus. It involves a scan of your in-scope internal network, with a focus on workstations and mobile devices. It aims to find out whether the Cyber Essentials controls have been properly implemented and to check that known vulnerabilities have been addressed.

Other products you might be interested in:

Speak to an expert

Please contact our team for advice and guidance on our Cyber Essentials products and services.