Frequently Asked Questions

What are the Cyber Essentials and Cyber Essentials Plus schemes?

Cyber Essentials is a Government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber attacks and provides a clear statement of the basic controls organisations should have in place to protect them.

Gaining Cyber Essentials certification enables organisations to showcase their credentials as trustworthy and secure when it comes to cyber security.

Cyber Essentials Plus is an enhanced cyber security certification scheme for businesses that need more than Cyber Essentials has to offer.

 

What is Cyber Essentials?

Cyber Essentials is a foundation level certification designed to provide a statement of the basic controls your organisation should have in place to mitigate the risk from common cyber threats. This is achieved through a self-assessment process carried out under the guidance of our cyber security experts.

 

What is Cyber Essentials Fast Track?

If you require Cyber Essentials urgently, you can opt for our Fast Track service. With Fast Track, our team will get you through certification within 2 business days*, ensuring you can be fully certified before submitting a bid for a government tender.

*Please refer to product page for timings.

 

What is Cyber Essentials Plus?

Cyber Essentials Plus is designed for businesses that have matured their network infrastructure data requirements and have outgrown the minimum requirements of the basic Cyber Essentials scheme.

A range of public and private sector organisations have already adopted Cyber Essentials Plus since the scheme’s inception in 2014 with large global corporates such as Vodafone and Oracle leading the way in cyber security best practice. This has led to many public sector organisations, such as the Ministry of Defence and Home Office, mandating its requirements across their respective supply chains.

 

How can Cyber Essentials help my business?

Cyber Essentials certification indicates that your organisation takes a proactive stance against malicious cyber attacks.

In addition, it offers a mechanism to demonstrate to customers, investors, insurers and others that you have taken the minimum yet essential precautions to protect your organisation against cyber threats.

The National Cyber Security Centre states that undertaking the Cyber Essentials certification process and implementing even one of the five controls required by Cyber Essentials can protect businesses from around 80% of attacks.

 

What does Cyber Essentials involve?

This will depend on which level of Cyber Essentials you take. You will need to complete a self-assessment questionnaire which Cyber Essentials Online will review.

With Cyber Essentials Plus you also undergo a more rigorous test of your organisation’s cyber security systems where our cyber security experts carry out vulnerability tests to make sure that your organisation is protected against basic hacking and phishing attacks.

A full overview of Cyber Essentials is available for free in the scheme summary document.

 

Is Cyber Essentials a mandatory requirement for working with the UK Government?

The UK public sector market is worth over £240 billion per annum and Cyber Essentials can support your business in its efforts to become a supplier to the public sector.

Essentially the government won’t do business with you unless they know you, and the companies you do business with, are secure from cyber attack.

In a speech at the Institute of Directors in March 2017, then Minister of State for Digital and Culture Matt Hancock said: “I mentioned the Government already requires many of its suppliers to hold a Cyber Essentials certificate. We’ll be strengthening this requirement to ensure even more of our contractors take up the scheme.”

Since October 2014 Cyber Essentials has been mandatory for suppliers of Government contracts which involve handling personal information and providing some ICT products and services.

Holding a Cyber Essentials certification enables you to bid for these lucrative contracts.

 

What is the cost of Cyber Essentials certification?

Again, this depends on which level of certification you choose to undergo. Our foundation level starts at £300 excl. VAT / year

 

How quick is the Cyber Essentials certification process?

The quicker you can return your self-assessment questionnaire to us, the quicker we can turn it around. Generally, we can turn applications around quite quickly.

If you’re looking to become certified in a hurry you can use our Fast Track service where we can return this to you within 2 business days*.

*Please refer to product page for timings.

 

Can you send me the self-assessment questionnaire before I sign up?

No, we can’t send the actual self-assessment form until you have signed up. However, you can download our sample questionnaire here

 

Is the questionnaire a tick box Yes/ No or will it require lengthy details?

The questionnaire requires answers to all questions – most of these questions will require brief notes to enable us to understand your company and the information security controls that you have in place.

By providing full details in the questionnaire you will reduce the time required for certification as we will have all the information we need up front.

 

What is involved in the Cyber Essentials application journey?

The Cyber Essentials application journey will differ slightly depending on whether you choose Cyber Essentials or Cyber Essentials Plus. The stages are outlined below but timescales may differ depending on the applicant’s completion of each stage.

Regardless of which product level you choose, there are three clear stages you will go through in order to obtain your Cyber Essentials certification.

Your Cyber Essentials purchase will grant you access to the members’ area and the self-assessment questionnaire to complete online. You do not have to complete the questionnaire in one go. You can save your questionnaire at any point, return to it later and submit for review at your leisure.

However, we would advise that you complete and submit your questionnaire as quickly as possible in order to obtain your Cyber Essentials certification in the shortest possible time. This is more relevant when purchasing Cyber Essentials Plus as you will need to complete the Cyber Essentials certification process first.

Once you submit your completed questionnaire via the online form we will review your application and will liaise with you regarding any gaps or additional information required in order to approve your application and submit it to the accreditation body, QG Business Solutions. If you have chosen to apply for Cyber Essentials Plus, it is at this stage that ID Cyber Solutions, our accredited certification body, will arrange a suitable date and time to visit your premises and conduct the more stringent tests required for Cyber Essentials Plus certification.

The awarding body, QG Business Solutions, will then issue your certification, confirming that you are Cyber Essentials certified.