Cyber Essentials Plus
Cyber Essentials Plus is an expansion upon the “Cyber Essentials Verified Self-Assessment” that includes an audit of the organisation's IT systems. An organisation must have Cyber Essentials verified self-assessed certification prior to applying for Cyber Essentials Plus. Please note our Plus packages include Cyber Essentials Verified Self-Assessment.
Cyber Essentials Plus involves an audit of your system by one of our trained assessors. The aim of the assessment is to confirm that all controls that have been declared in Cyber Essentials are implemented on the organisation's network. By undertaking and completing Cyber Essentials Plus, you can declare publicly to your supply chain and customers that your organisation has been proven to meet baseline security standards set out by Cyber Essentials, enabling you to interact with clients, business partners and staff confidently and securely.
The key elements of a Cyber Essentials Plus audit can be summarised as follows:
- An assessor will pick a sample of computers at your organisation (up to 5 of each type of machine, depending on the scale of your network) and perform an audit to ensure that the devices are configured as per the scheme.
- A vulnerability scan will be performed on these machines to confirm that patching and basic configuration are at an acceptable level.
- An external port scan of your internet facing IP addresses will be conducted to ensure no clear and obvious misconfigurations or vulnerabilities can be identified.
- A test will be conducted on your default email/internet browser to confirm how well configured they are to prevent execution of fake malicious files.
- Screenshots will be taken as evidence that the system is Cyber Essentials compliant.
Should any issues be identified that require remediation, the organisation will have 30 days to remedy them; otherwise the organisation will be considered to have failed the audit. (Please see Cyber Essentials Plus Extra if more time is required.)
On successful certification of your organisation you will be provided with a certificate that is valid for 12 months from pass date. Please be aware this must be renewed yearly. Optionally, you may be added to a list of Cyber Essentials certified companies, and you can henceforth advertise your organisation's compliance with the Cyber Essentials Scheme.
We offer two different routes to Plus Certification:
- Includes Cyber Essentials online self-assessment. This is completed via our online portal, Pervade.
- Cyber Essentials remote audit. (Onsite audits are available on request.)
- Online and email support available weekdays. (up to 48hr reply)
- Please be aware that, on submission of your self-assessment answers, should any revisions be required, these must be remedied and submitted within 2 days; for the Plus audit you have 30 days. Otherwise the application will be marked as a fail.
Cyber Essentials Plus Extra
Plus Extra includes everything in Cyber Essentials Plus, but adds an additional layer of support. In effect, we will perform a pre-audit of your system prior to the final audit to ensure that your organisation is prepared to pass first time. This is ideal for organisations who wish to get Cyber Essentials Plus Certified but are unsure if their organisation has achieved the required level.
Whilst we need to remain independent throughout the process, and therefore cannot directly engage with your systems to implement change, we can assist by delivering advice on what changes must be made to get certified. Once we feel that your organisation is set up to the correct standard, we would then arrange the final audit.