Cyber Essentials Plus

What is Cyber Essentials Plus?

Cyber Essentials Plus is a separate certification that can be beneficial in addition to the Cyber Essentials programme. CE Plus is the highest level of certification offered under the Cyber Essentials Scheme. Like the standard Cyber Essentials certification, it covers everything your business should do to defend itself from a whole range of cyber-attacks, but CE Plus is a more rigorous test of your organisation’s cyber security systems.

Cyber Essentials Plus still has the same simple approach as Cyber Essentials and the protections you need to put in place are the same, but CE Plus requires a technical audit of the systems that are in scope of the assessment.

It contains an external vulnerability scan so you can see how robust your defences are against basic hacking and ensure that the correct controls are in place. It also includes an independent assessment by a licensed auditor. For CE Plus certification, an appraisal of a representative set of user devices, internet gateways and all servers accessible to internet users will be completed. The testing involves an assessor connecting remotely to a sample of your devices, including Laptops/Desktops and Mobile devices.

The Benefits

Peace of mind that you are demonstrating a high security standard

Customers and stakeholders can rest assured that you have not only implemented a high standard of controls to protect against cyber-attacks, but your cyber security has been externally audited by a Cyber essentials Certification body. Cyber Essentials certification is also completed annually, which will reassure customers and stakeholders that you are continuously monitoring and working on improving your cyber security systems.

Highlight that you take security & data protection seriously

CE Plus certification does not ensure complete compliance with GDPR, however it does help your organisation to protect any sensitive data by ensuring that your security measures are adequate. Both internal and external vulnerability assessments are completed during the programme, which will lead to improved controls, which can reduce the impact of potential attacks and or data breaches, which will then in turn improve GDPR compliance within your organisation.

Better protection against cyber-attacks

Implement best-practice technical controls to protect against common (and not so common) cyber-attacks. The government-backed CE plus programme will also provide a full report highlighting findings and improvements that need to be made before certification is awarded, providing you with the reassurance that your cyber security system has had thorough and rigorous testing. By holding CE and CE Plus certification, you can rest assured that any data held by your organisation is protected against over 80% of common cyber threats.

Be eligible for free cyber insurance cover

The CE Plus certification also includes automatic cyber liability insurance for any UK organisation who certifies their whole organisation and has less than £20m annual turnover ( terms apply.)

Discover new business opportunities

As well as having the ability to bid for government tenders, a CE Plus certification will help your organisation to win new business by not only displaying a commitment to cyber security, but by also demonstrating your cyber credentials


Base Package ‣ £1500 + VAT

Installation of Qualys Cloud Vulnerability Agents on the day of the asessment
External scanning for any cloud/onsite devices in scope
On-Site/Remote visit by CE+ assessor to 1 business location
Cloud agent for duration of the programme
Cyber Essentials Plus Certificate (if the standard is met)

Little Bit of Help ‣ £1750 + VAT

All base package features
Qualys Cloud Vulnerability Agent – Weekly Reporting
Mock assessment (two weeks in advance of your formal CE+ Assessment day)

Lots of Help ‣ £2250 + VAT

All base package features
All little bit of help features
Preparation support
Daily Vulnerability Report
Ongoing Vulnerability Advice via email
2 X 1 Hour Vulnerability report/General advice meetings (Typically 10 & 3 days prior to your formal assessment)
Scroll to Top