Cyber Essentials FAQs


Steve Burden
Head of Cyber Security

Welcome to our Cyber Essentials (CE) FAQs, your go-to resource for all your questions about Cyber Essentials certification. Understanding the ins and outs of Cyber Essentials is vital. Head of Security, Steve Burden, is here to guide you through some of the most common inquiries customers pose regarding Cyber Essentials certification.

Cyber Essentials certification is your compass for navigating the digital landscape with confidence. Whether you’re looking to differentiate your organisation in a competitive market, enhance security, or instil trust in your stakeholders, Cyber Essentials is the foundation upon which you can build. It’s not just a one-time effort but a commitment to ongoing security and protection against the ever-growing cyber threats.

Cyber Essentials PLUS includes exactly the same essential requirements as the ‘basic’ Cyber Essentials assessment, with the addition of more rigorous on-site testing to verify your answers to the questionnaire and ensure you are protected against various attack scenarios. This extra stage of independent testing gives you even greater peace of mind that your security fully meets the requirements, and further emphasises your commitment to cyber security. Since April 2020, Cyber Essentials has been a prerequisite for Cyber Essentials PLUS.
While Cyber Essentials and Cyber Essentials PLUS are suitable for organisations of all sizes, for particularly large organisations or those holding especially high-risk information, it must be emphasised that they should only be one part of a much larger cyber security programme. In these instances, we recommend Cyber Essentials PLUS as a more in-depth form of testing to complement your existing security measures.

Certification to Cyber Essentials is mandatory for Central Government organisations whose services involve the handling of personal information, as well as the provision of some IT services.

If your organisation fails a Cyber Essentials assessment, a retest can be carried out once you have remediated the issues found. Retesting can be included as part of the initial engagement or scoped separately; however, the delay between the original assessment and retest should not exceed thirty days. In order to provide a passing result, you need to be able to demonstrate that you haven’t just fixed a problem to get through the assessment. This isn’t designed to be a ‘tick-box’ exercise, and the solution should be tailored to benefit your organisation.
Whilst it is your responsibility to determine which of your systems are in-scope, you should ensure you include all Internet-connected end-user devices (desktop PCs, laptops, tablets and smartphones) and Internet-connected systems (e.g. email, web and application servers). If you are struggling to identify your scope, we provide the option of an on-site pre-assessment day to guide you through the process.
Certification to other standards, for example ISO 27001, does not reduce the CE/CE+ assessment requirements.
The principles of Cyber Essentials are the basics of any security programme. Therefore, we highly recommend that organisations maintain the scheme on an ongoing basis. We also recommend scheduling annual reassessments, to ensure that your protection remains in line with the requirements of the standard, to better protect your organisation against the ever-growing number of cyber security threats.

Empower your business with Cyber Essentials certification and navigate the digital landscape with confidence.

If you have any more questions or require further guidance on Cyber Essentials, please feel free to reach out to us. Your journey to enhanced security, trust, and competitive advantage begins here.
