Cyber Essentials Plus Certification

Cyber Essentials Plus Certification


Cyber Essentials is a UK Government scheme that aims to help businesses protect themselves from common cyber security threats. However, a basic Cyber Essentials self-assessment will not verify the actual integrity of your security perimeter. For this, you’ll need Cyber Essentials Plus Certification.


What is Cyber Essentials Plus?

At present, UK businesses can qualify for NCSC Cyber Essentials Certification, after reviewing NCSC guidelines and completing a short self-certification questionnaire.

With Cyber Essentials Plus, businesses still complete a basic Cyber Essentials self-assessment. However, an NCSC or third-party assessor will also carry out a technical security audit of your current IT systems.


Cyber Essentials Plus Requirements


  • Cyber Essentials Plus requirements state that a technical audit must be performed within 3-months of your initial Cyber Essentials self-assessment.


  • As part of the current Cyber Essentials Plus requirements, it will be necessary for an assessor to visit your office or physical workplace to perform a security audit.


  • Certification lasts for just 1-year. This being the case, businesses will need to schedule annual security audits for certification to remain valid.


Why Do I Need Cyber Essentials Plus?

The purpose of the UK’s Cyber Essentials scheme is simple. Certification in the form of a self-assessment demonstrates to your consumers that you are security-aware. Fulfilling extra Cyber Essentials Plus requirements builds on this, by demonstrating that you have proven resilience to common cyber security threats.


  • Satisfying all Cyber Essentials Plus requirements helps you establish a higher degree of trust with consumers.


  • Other UK businesses will feel safer working with you when they know that you have independently verifiable cyber security controls in place.


  • Satisfying all Cyber Essentials Plus requirements is a prerequisite for bidding on many UK government contracts.


How Do I Get Cyber Essentials Plus?

To satisfy basic Cyber Essentials Plus requirements, you will first need to complete a basic Cyber Essentials self-assessment. Once you already have Cyber Essentials Certification, you may then apply for Cyber Essentials Plus.


When you apply for Cyber Essentials Plus here at Defensity, we will schedule a time to independently assess what cyber security controls you currently have in place. Typically, we aim to validate the presence of controls in five key areas.


External Vulnerability Assessments

During external vulnerability assessments, our team at Defensity will audit the security of Internet-facing services like your website and customer payment portals.


  • Internal Patch Audits

Software and physical device firmware vendors regularly release patches for critical, product-specific security threats. During an internal patch audit, we will verify that you have up-to-date patches installed on all your critical business IT systems.

  • Malware Protection Audits

Malware and viruses can pose a critical threat to your business continuity. Worse, malware like ransomware can result in catastrophic data breaches. Our team at Defensity will, therefore, verify the integrity (and efficacy) of any anti-malware solution you are currently using.


Email Threat Assessments


Is the anti-malware solution you are currently using capable of automatically detecting malicious email attachments?


During email threat assessments, our team at Defensity will test to see whether malicious files can penetrate your email defenses. To do this, we will send test files to different email accounts associated with your organization.


Web-based Malware Assessments

By default, any anti-virus solution you use should be capable of detecting malicious files, before it is possible to download or install these from online. We will, therefore, attempt to download a small number of (benign) malicious files from one of our security test servers.


Why Choose Defensity?

Defensity, is a fully accredited NCSC Cyber Essentials Certification Body. As a result, we can help businesses achieve Basic and Plus Cyber Essentials certification quickly.

In every case, assessments with us are performed by senior cyber security consultants with several years of combined industry experience.

To maximise your chances of gaining Cyber Essentials Certification  first time, call now to speak to one of our security advisers.