Frequently Asked Questions
What is Cyber Essentials?
Cyber Essentials is a Government- backed and industry-supported scheme that can help your business protect itself against the growing cyber threats. Big or small, cyber essentials provides any business with the right credentials to showcase as a trustworthy and secure company. This can be beneficial in the tendering process, and help you comply and win more contracts.
What are the Cyber Essentials and Cyber Essentials Plus schemes?
Cyber Essentials is a foundation level certification designed to provide a statement of the basic controls your organisation should have in place to mitigate the risk from common cyber threats. This is achieved through a self-assessment process carried out under the guidance of our cyber security experts.
Cyber Essentials Plus is an enhanced cyber security certification scheme for businesses that need more than Cyber Essentials has to offer.
You can find out more about the differences between Cyber Essentials and Cyber Essentials Plus here.
What is Cyber Essentials Fast Track?
If you require Cyber Essentials urgently, you can opt for our Fast Track service. With Fast Track, our team will get you through certification within 2 business days*, ensuring you can be fully certified before submitting a bid for a government tender.
*Please refer to product page for timings.
What is Cyber Essentials Plus?
Cyber Essentials Plus is designed for businesses that have matured their network infrastructure data requirements and have outgrown the minimum requirements of the basic Cyber Essentials scheme.
A range of public and private sector organisations have already adopted Cyber Essentials Plus since the scheme’s inception in 2014 with large global corporates such as Vodafone and Oracle leading the way in cyber security best practice. This has led to many public sector organisations, such as the Ministry of Defence and Home Office, mandating its requirements across their respective supply chains.
As part of the changes put in place since the transition to one accreditation body, IASME requires all Cyber Essentials Plus customers to hold a basic certification that was purchased no longer than three months prior.
How can Cyber Essentials help my business?
Cyber Essentials certification indicates that your organisation takes a proactive stance against malicious cyber attacks.
In addition, it offers a mechanism to demonstrate to customers, investors, insurers and others that you have taken the minimum yet essential precautions to protect your organisation against cyber threats.
The National Cyber Security Centre states that undertaking the Cyber Essentials certification process and implementing even one of the five controls required by Cyber Essentials can protect businesses from around 80% of attacks.
What does Cyber Essentials involve?
This will depend on which level of Cyber Essentials you take. You will need to complete a self-assessment questionnaire which Cyber Essentials Online will review.
With Cyber Essentials Plus you also undergo a more rigorous test of your organisation’s cyber security systems where our cyber security experts carry out vulnerability tests to make sure that your organisation is protected against basic hacking and phishing attacks.
A full overview of Cyber Essentials is available for free in the scheme summary document.
Do I need to renew my Cyber Essentials certification?
The purpose of Cyber Essentials is to improve your organisation’s cyber-readiness. Annual certification is required. This acts as an opportunity to make sure that your security is ready to defend against 80% of all common attacks.
Is Cyber Essentials a mandatory requirement for working with the UK Government?
The UK public sector market is worth over £240 billion per annum and Cyber Essentials can support your business in its efforts to become a supplier to the public sector.
Essentially the government won’t do business with you unless they know you, and the companies you do business with, are secure from cyber attack.
In a speech at the Institute of Directors in March 2017, then Minister of State for Digital and Culture Matt Hancock said: “I mentioned the Government already requires many of its suppliers to hold a Cyber Essentials certificate. We’ll be strengthening this requirement to ensure even more of our contractors take up the scheme.”
Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services.
Holding a Cyber Essentials certification enables you to bid for these lucrative contracts.
What is the cost of Cyber Essentials certification?
Again, this depends on which level of certification you choose to undergo. Our foundation level starts at £300 excl. VAT / year
Find out more about products and prices here.
How quick is the Cyber Essentials certification process?
The quicker you can return your self-assessment questionnaire to us, the quicker we can turn it around. Generally, we can turn applications around quite quickly.
If you’re looking to become certified in a hurry you can use our Fast Track service where we can return this to you within 2 business days*.
Can you send me the self-assessment questionnaire before I sign up?
We can’t send the actual self-assessment form until you have signed up. However, you can download our sample questionnaire here.
This document outlines the type of information you will need to gather and submit during the certification process.
Is the questionnaire a tick box Yes/ No or will it require lengthy details?
The questionnaire requires answers to all questions – most of these questions will require brief notes to enable us to understand your company and the information security controls that you have in place.
By providing full details in the questionnaire you will reduce the time required for certification as we will have all the information we need up front.
What is involved in the Cyber Essentials application journey?
The Cyber Essentials application journey will differ slightly depending on whether you choose Cyber Essentials or Cyber Essentials Plus. The stages are outlined below but timescales may differ depending on the applicant’s completion of each stage.
Regardless of which product level you choose, there are three clear stages you will go through in order to obtain your Cyber Essentials certification.
Your Cyber Essentials purchase will grant you access to the members’ area and the self-assessment questionnaire to complete online. You do not have to complete the questionnaire in one go. You can save your questionnaire at any point, return to it later and submit for review at your leisure.
However, we would advise that you complete and submit your questionnaire as quickly as possible in order to obtain your Cyber Essentials certification in the shortest possible time. This is more relevant when purchasing Cyber Essentials Plus as you will need to complete the Cyber Essentials certification process first.
Once you submit your completed questionnaire via the online form we will review your application and will liaise with you regarding any gaps or additional information required in order to approve your application and submit it to the accreditation body, IASME Consortium. If you have chosen to apply for Cyber Essentials Plus, it is at this stage that ID Cyber Solutions, our accredited certification body, will arrange a suitable date and time to visit your premises and conduct the more stringent tests required for Cyber Essentials Plus certification.
The awarding body, IASME Consortium, will then issue your certification, confirming that you are Cyber Essentials certified.