Cyber Essentials Plus - CyberSecuritiesUK

What is Cyber Essentials Plus?

Cyber Essentials Plus is a separate certification that can be beneficial in addition to the Cyber Essentials programme. CE Plus is the highest level of certification offered under the Cyber Essentials Scheme. Like the standard Cyber Essentials certification, it covers everything your business should do to defend itself from a whole range of cyber-attacks, but CE Plus is a more rigorous test of your organisation’s cyber security systems.

Cyber Essentials Plus still has the same simple approach as Cyber Essentials and the protections you need to put in place are the same, but CE Plus requires a technical audit of the systems that are in scope of the assessment.

It contains an external vulnerability scan so you can see how robust your defences are against basic hacking and ensure that the correct controls are in place. It also includes an independent assessment by a licensed auditor. For CE Plus certification, an appraisal of a representative set of user devices, internet gateways and all servers accessible to internet users will be completed. The testing involves an assessor connecting remotely to a sample of your devices, including Laptops/Desktops and Mobile devices.

The Benefits

Peace of mind that you are demonstrating a high security standard

Customers and stakeholders can rest assured that you have not only implemented a high standard of controls to protect against cyber-attacks, but your cyber security has been externally audited by a Cyber essentials Certification body. Cyber Essentials certification is also completed annually, which will reassure customers and stakeholders that you are continuously monitoring and working on improving your cyber security systems.

Highlight that you take security & data protection seriously

CE Plus certification does not ensure complete compliance with GDPR, however it does help your organisation to protect any sensitive data by ensuring that your security measures are adequate. Both internal and external vulnerability assessments are completed during the programme, which will lead to improved controls, which can reduce the impact of potential attacks and or data breaches, which will then in turn improve GDPR compliance within your organisation.

Better protection against cyber-attacks

Implement best-practice technical controls to protect against common (and not so common) cyber-attacks. The government-backed CE plus programme will also provide a full report highlighting findings and improvements that need to be made before certification is awarded, providing you with the reassurance that your cyber security system has had thorough and rigorous testing. By holding CE and CE Plus certification, you can rest assured that any data held by your organisation is protected against over 80% of common cyber threats.

Be eligible for free cyber insurance cover

The CE Plus certification also includes automatic cyber liability insurance for any UK organisation who certifies their whole organisation and has less than £20m annual turnover ( terms apply.)

Discover new business opportunities

As well as having the ability to bid for government tenders, a CE Plus certification will help your organisation to win new business by not only displaying a commitment to cyber security, but by also demonstrating your cyber credentials

Packages

Base Package ‣ £1500 + VAT

Installation of Qualys Cloud Vulnerability Agents on the day of the asessment

External scanning for any cloud/onsite devices in scope

On-Site/Remote visit by CE+ assessor to 1 business location

Cloud agent for duration of the programme

Cyber Essentials Plus Certificate (if the standard is met)

Little Bit of Help ‣ £1750 + VAT

All base package features

Qualys Cloud Vulnerability Agent – Weekly Reporting

Mock assessment (two weeks in advance of your formal CE+ Assessment day)

Lots of Help ‣ £2250 + VAT

All base package features

All little bit of help features

Preparation support

Daily Vulnerability Report

Ongoing Vulnerability Advice via email

2 X 1 Hour Vulnerability report/General advice meetings (Typically 10 & 3 days prior to your formal assessment)

I have the basic Cyber Essentials certification, can I complete CE+?

Yes, in fact we would recommend it. You will need to complete your CE+ audit within 3 months of your last CE basic certification. Alternatively, you can complete the online assessment as part of the CE+ certification.

Do I need to complete the basic CE before completing CE+?

Yes, you need to complete the online CE assessment as part of the Cyber Essentials Plus certification and must do so prior to the Cyber Essentials Plus audit.

Is there an expiry date?

All new certificates issued by IASME will have a 12 month expiry date.