Protect your information

The Cyber Essentials scheme provides a recognised certification for organisations in the UK to demonstrate to their customers & partners that they are taking reasonable step to protect themselves against Internet cyber attacks. Achieving the certification status will infer confidence in your customers and partners.

UK Government driven

Getting companies certified to Cyber Essentials is a key Government priority. As a result of this drive, certification is fast becoming a minimum requirement for companies who wish to be included in Government tenders. It is anticipated that the private sector will follow suit and insist that organisations attain this certification as a minimum requirement if they wished to be considered in any commercial procurement process.

Get peace of mind

Cyber Essentials will provide you with certification that your business is practising good basic security due diligence. Undertaking an independent audit of your security controls to validate that they are fit for purpose should make sleepless nights, thinking about what could happen, a distant memory.

What your peers are saying

  • "Our law firm holds confidential information from our clients and we adopted the Cyber Essentials Plus scheme to ensure that we cover the common cyber attacks. originated from the Internet. The process was a success."
    Susan WhiteLaw Firm CEO
  • "10 out of 10. Going through the Cyber Essentials PLUS is making a significant change on our logistics business. The process required a bit of effort at our end, ensuring that we update our systems and antivirus. We are delighted with the improvement and our systems are more robust."
    Tom GrayDomestic Third-party Logistics
  • “The certification process was easier than expected and with the guidance provided as was able to pass. Moreover, the new security controls significantly increased the security of my business and gave me the confidence to take my business to the next level.”
    John McDonaldArchitecture Studio Owner

A few things about the scheme



Cyber Essentials

This is the “Stage 1″ of the certification. It involves responding to the Cyber Essentials questionnaire which covers the requirements for basic technical protection from Internet cyber attacks.

An external vulnerability scan will be performed, where a number of attack scenarios will be covered, such as unpatched servers, default passwords, etc.



Cyber Essentials PLUS

The “Stage 2″ assessment can only be conducted once “Stage 1″ has been performed, and includes a more thorough assessment where an internal vulnerability scan takes place.
cyber essentials certification

Steps in the certification process


Set the scope

The scope needs to comprise of  the systems believed to be at risk from Internet-based attacks. For example, your external infrastructure.



Cyber Essentials Questionnaire

We will share with you a questionnaire which includes a number of questions with regard to your current security. This questionnaire will need to be signed by the CEO, attesting its accuracy.

Questionnaire review

We will review the questionnaire and ensure that your controls are configured as required.

External assessment

We will perform a network and vulnerability scan of your externally facing infrastructure, as an anonymous external attacker would do.

Stage 1 results

You will receive the results of the assessment in a report, where you will be able to understand what your security exposure to Internet attacks is.

Internal vulnerability scan

This scan will scan a representative sample of devices (desktop and mobile) to determine whether the internal controls are in place and whether they could be compromised.

...and the final step: Cyber Essentials Certificate!

We will update the Cyber Essentials database, issue a certificate to your organization and provide you with a certificate number that you can distribute to show that you take security seriously.