Cyber Essentials

Strengthen Your Security with Cyber Essentials Certification

Achieve government-backed cybersecurity certification quickly and confidently with IS Partners. Our experts will:

Identify gaps in your security controls and provide a clear remediation roadmap

Help you implement the five core Cyber Essentials controls to reduce common cyber threats

Guide you through the certification process to ensure a smooth and successful submission

Get a Quote

What Is Cyber Essentials?

Prepare to Achieve Cyber Essentials Certification

Cyber Essentials is a government-backed cybersecurity certification designed to help organizations protect themselves against the most common cyber threats. It focuses on five core technical controls, secure configuration, access control, boundary firewalls and internet gateways, malware protection, and patch management, that significantly reduce the risk of cyberattacks. Achieving certification demonstrates your commitment to cybersecurity best practices while strengthening trust with customers, partners, and stakeholders.

BENEFITS

Expert-Led Support for Cyber Essentials Success

Cost-Effective Certification

Achieve Cyber Essentials certification efficiently with a structured, right-sized approach designed to minimize disruption and control costs while meeting all scheme requirements.

Certified Cybersecurity Experts

Work directly with experienced security professionals who understand both the technical controls and the compliance expectations behind successful certification.

Strengthened Security Posture

Implement the five core Cyber Essentials controls to reduce exposure to common cyber threats such as phishing, ransomware, and malware attacks.

Build Trust & Win Business

Demonstrate your commitment to cybersecurity best practices, strengthen customer confidence, and meet contractual security requirements with verified certification.

Get Started With Cyber Essentials Certification

What’s the Difference?

Cyber Essentials VS. Cyber Essentials Plus

Both certifications confirm your organization has implemented the five required security controls.

Cyber Essentials is a self-assessment reviewed by a certification body.
Cyber Essentials Plus includes independent, hands-on technical verification of those controls.

Cyber Essentials Plus provides a higher level of assurance and may carry greater weight with customers and regulators.

Not sure which is right for you? Talk to our team.

TIMEFRAME & FREQUENCY

How Long Does Cyber Essentials Take?

Most organizations can achieve Cyber Essentials certification within 2–6 weeks, depending on:

Current security maturity
Number of systems and users in scope
Remediation required to meet the five core controls

For organizations pursuing Cyber Essentials Plus, additional time may be required for independent technical verification and testing.

How Often Is Certification Required?

Cyber Essentials certification is valid for 12 months and must be renewed annually to maintain certification status. IS Partners helps you:

Prepare efficiently the first time
Maintain ongoing compliance
Simplify annual renewals

WHY CHOOSE US

Your Trusted SOC 2 Audit Firm

Choose IS Partners for unparalleled expertise in navigating SOC 2 compliance, ensuring your organization meets the highest security standards. Our dedicated team provides customized solutions that protect your data and prove to customers, partners and vendors that you are serious about protecting their data.

Full U.S.-based team

Ensures a better understanding of the local business nuances and regulations.

No Outsourcing

Work with the same dedicated team throughout the entire process.

One-stop shop

Saves time and effort by offering all requisite services under one roof.

Over 20 years of experience

Gives you access to our deep industry insights and tried-and-tested methods.

Compatibility with your compliance software

Offers the flexibility to integrate with existing software like Drata, Vanta, or any other.

Software Included (FREE!)

Benefit from our proprietary software at no additional cost.

Get a Quote

WHAT’S INCLUDED

Comprehensive Cyber Essentials Certification Support

Our structured engagement is designed to eliminate confusion and streamline certification.

Cyber Essentials Includes:

Scope definition and eligibility guidance

Detailed review of the five required security controls

Gap analysis and remediation roadmap

Self-Assessment Questionnaire (SAQ) completion support

Evidence guidance and documentation review

Certification submission assistance

Remediation support if clarifications are required

We don’t just help you fill out a questionnaire, we ensure your controls stand up to scrutiny.

Get a Quote

PROCESS

Our Proven Cyber Essentials Certification Process

Scope & Readiness Review: We define what systems are in scope for Cyber Essentials (devices, servers, networks, cloud assets).

Control Implementation & Hardening: We evaluate your implementation of the five core controls and guide process improvements.

Self-Assessment Questionnaire Support: Complete and review your official Cyber Essentials questionnaire

Certification Submission & Follow-Up: Submit to the certification body and support remediation as needed.

Get a Quote

WHO WE SERVE

Your Trusted Partner For Cyber Essentials Across Industries

Cyber Essentials is ideal for organizations of all sizes — especially those that want to:

Demonstrate baseline cybersecurity commitment
Meet contractual security requirements
Build trust with customers and partners
Prepare for more advanced compliance programs (e.g., ISO 27001, SOC)
This includes SMEs, SaaS providers, professional services, and regulated entities.

Get a Quote

FAQs

What are the benefits of Cyber Essentials?

Enhanced security – helps protect your organisation from the most common internet based cyber attacks such as phishing, malware, ransomware, password guessing and network attacks.
Simple and cost effective – a simple process with a Cyber Essentials certification fee starting from £200.
Gain and retain business – an increasing number of public, private and third sector contracts are mandating or actively encouraging Cyber Essentials from their suppliers.
Aligns with GDPR – recognised by the Information Commissioner’s Office as a scheme that can provide security assurances that help protect personal data.
Flexible scheme – regardless of sector or size, the scheme reviews basic, yet effective, technical controls an organisation has in place. The scheme also recognises that not all organisations have a dedicated IT department, or an in-depth knowledge of cyber security.

I have remote support, how do I request help?

An assessor will be assigned and reach out to arrange a Teams meeting to go over the assessment with you. You are also welcome to reach out to your assessor if you have any further questions throughout the process.

All my workers are home workers. Does this mean questions around networks are not applicable to me?

No, all questions are applicable to applicants, however some requirements may change depending on whether your organisation is office based, hybrid or fully remote. ISP (Internet Service Provider) equipment is not included in the scope of the assessment. In the absence of an in-scope network, confirmation of the use of software-based firewalls will instead need to be provided.

I am a single person company; do I still need to have a process for account creation and leavers?

Yes, all questions presented in Cyber Essentials are applicable whether you are a single person company or a company of 200+ employees. When answering those questions, you should take into consideration the “what if?” scenarios.

I am a single person company; do I still need to have a separate user account to my admin account?

Yes, you must ensure that you use separate administrator accounts from the standard user account, such as when installing software. Using administrator accounts all-day-long exposes the device to compromise by malware.

We use out of support operating systems to test or use legacy software. Can this be accepted?

The inclusion of out of support / end of life operating systems in the scope of assessment will not be compliant with Cyber Essentials. However, you may still use unsupported operating systems if they are removed from the scope of assessment by isolating the device / OS from the organisation’s network via a segregated subset.

We have an IT team that handles all our IT, can I answer questions with “Handled by our IT provider.”?

No, you must still provide processes and descriptions where asked. When a third party manages your IT, you should confirm with them all processes to ensure that they are meeting the standards required for Cyber Essentials.

I hire contractors and provide them access to select folders, are they in scope?

Contractors using devices provided by your organisation will fall into scope and will need to be included. However, contractors using their own personal devices not owned by your organisation will fall out of scope of the assessment and will not need to be declared.

Can you help define the scope?

Yes, we can. It is best to raise this at the point of purchase, and we can discuss your scope prior to you getting started. In addition, there is guidance in the IT infrastructure document. The scope should include any internet facing devices, including mobiles and anything considered as part of a BYOD (Bring Your Own Device) approach.

What is the process once I am signed up for Cyber Essentials?

Once you have your logins you will be able to access the IASME portal and be able enter your answers.
Once you have completed your answers, please submit the assessment. We will then assign an assessor and you will be scheduled for marking. Once marked you will get your results from the IASME portal, you will either pass, fail, or get asked for more information.
If you fail or get asked for more information you will have a chance to review your answers and update them using the guidance notes the assessor leaves for you.
You can then resubmit and once again you will be scheduled for marking with hopefully a pass being the result. You may get asked for more information again which will require you to readdress it, if you fail twice though that would mean you would have to repurchase Cyber Essentials to be able to retry.

Once I submit how long will it take to be marked?

We aim to mark an assessment within 48 hours of it being submitted, not including weekends or bank holidays. This can vary depending on how many assessments we have at one time.

I need my Cyber Essentials by a specific date, can you meet that?

You will still be under the same guidelines as above, if you require your certification by a specific date, you must take this into consideration. Start your assessment in good time to allow enough time to, complete, submit, be marked, remediate, resubmit, and pass!

Do I have to declare my home worker’s home broadband equipment?

No. ISP provided equipment is not considered as in scope for Cyber Essentials and does not have to be declared. In this case, we will need confirmation that you are relying on software firewalls as your internet boundary and/or a VPN provided by your organisation. A VPN solution must be an enterprise/corporate product that secures all connections between End User Devices (EUDs) and the Internet.

I am a single person company; do I still need to have a process in place for admin accounts?

We use Mac’s, do we need to install additional malware software?

The standard protection provided by Apple devices does not tend to meet the standards of Cyber Essentials, it is recommended that additional software should be installed to provide adequate protection.

We do not install updates right away in case it causes problems. Can this be accepted?

As standard, all critical and high classified updates must be applied within 14 days of release to meet compliance in Cyber Essentials. During the assessment you may need to provide details of how you ensure this. If operating systems or application versions are found to be in use after 14 days of the latest patch being made available, you will incur major non-compliance marks which could lead to a failed attempt.

We allow our staff to use their own devices, do I have to include them?

Yes, all staff devices that access company data and/or the company network would be considered in scope of Cyber Essentials. This includes mobile devices. You should track these devices to ensure your staff are using supported models and operating systems are up to date.

Where can I display my certificate or badge?

The certificate will be part of a public register. You can display the Cyber Essentials and Cyber Essentials Plus badge on your website and/or in your email signatures.

How long after passing Basic do I have to complete CE+?

After passing your Basic assessment, you will have 90 days to pass your Plus test. Once your Plus Test officially starts, you will have 30 days to complete any remediations, still within the 90 days. If you fail to remediate within 30 days you will fail your Plus test and will be required to restart from Basic.

How soon after passing Basic can I start my CE+?

After passing Basic our coordinator will reach out to you and book in your Plus test. Your Plus test will be booked from one to six weeks after passing your Basic assessment, so please make sure you have given yourself enough time to meet any of your deadlines.

Can I change the scope of my assessment after passing Basic before starting CE+?

No, the scope of your Plus assessment must be the same as your Basic one, any changes to your scope such as a significant increase or decrease in devices, changes in network topology etc. will cause a failure of Plus and a new Basic assessment would be required covering the correct scope.

Get a quote today!

Fill out the form to schedule a free, 30-minute consultation with a senior-level compliance expert today!

Benefit from:

Analysis of your compliance needs

Timeline, cost, and pricing breakdown

A strategy to keep pace with evolving regulations

Great companies think alike.

Join hundreds of other companies that trust IS Partners for their compliance, attestation and security needs.

The SOC Audit Process for Healthcare Organizations

How to Spot AI Security Gaps Early with ISO 42001

AIUC-1: What Is AIUC-1? Understanding the Emerging Compliance Standard for AI Agents

Cyber Essentials Certification & Compliance Powered by WorkNest

Strengthen Your Security with Cyber Essentials Certification

Get a Quote

The SOC Audit Process for Healthcare Organizations

How to Spot AI Security Gaps Early with ISO 42001

AIUC-1: What Is AIUC-1? Understanding the Emerging Compliance Standard for AI Agents

Prepare to Achieve Cyber Essentials Certification

Expert-Led Support for Cyber Essentials Success

Cost-Effective Certification

Certified Cybersecurity Experts

Strengthened Security Posture

Build Trust & Win Business

Cyber Essentials VS. Cyber Essentials Plus

How Long Does Cyber Essentials Take?

How Often Is Certification Required?

Your Trusted SOC 2 Audit Firm

Full U.S.-based team

No Outsourcing

One-stop shop

Over 20 years of experience

Compatibility with your compliance software

Software Included (FREE!)

Comprehensive Cyber Essentials Certification Support

Scope definition and eligibility guidance

Detailed review of the five required security controls

Gap analysis and remediation roadmap

Self-Assessment Questionnaire (SAQ) completion support

Evidence guidance and documentation review

Certification submission assistance

Remediation support if clarifications are required

Our Proven Cyber Essentials Certification Process

Your Trusted Partner For Cyber Essentials Across Industries

FAQs

What are the benefits of Cyber Essentials?

I have remote support, how do I request help?

All my workers are home workers. Does this mean questions around networks are not applicable to me?

I am a single person company; do I still need to have a process for account creation and leavers?

I am a single person company; do I still need to have a separate user account to my admin account?

We use out of support operating systems to test or use legacy software. Can this be accepted?

We have an IT team that handles all our IT, can I answer questions with “Handled by our IT provider.”?

I hire contractors and provide them access to select folders, are they in scope?

Can you help define the scope?

What is the process once I am signed up for Cyber Essentials?

Once I submit how long will it take to be marked?

I need my Cyber Essentials by a specific date, can you meet that?

Do I have to declare my home worker’s home broadband equipment?

I am a single person company; do I still need to have a process in place for admin accounts?

We use Mac’s, do we need to install additional malware software?

We do not install updates right away in case it causes problems. Can this be accepted?

We allow our staff to use their own devices, do I have to include them?

Where can I display my certificate or badge?

How long after passing Basic do I have to complete CE+?

How soon after passing Basic can I start my CE+?

Can I change the scope of my assessment after passing Basic before starting CE+?

Learn more about Cyber Essentials

Defensive Tactics on How to Prevent Cyber Attacks

How to Prevent Cyber Attacks in Healthcare

Change Healthcare Data Breach 2024: What Happened and Key Takeaways

Get a quote today!

Get a Customized Quote

Get a Customized Quote!

The SOC Audit Process for Healthcare Organizations

How to Spot AI Security Gaps Early with ISO 42001

AIUC-1: What Is AIUC-1? Understanding the Emerging Compliance Standard for AI Agents

US

London, UK

Contact

Legal

Social