Cyber Essentials

Cyber Essentials was developed by government through consultation with industry to improve the cyber security within public supply chains

What is Cyber Essentials?

The scheme launched on 1st October 2014 and is a requirement for suppliers involved in handling of sensitive and personal information through provision of certain technical products and services.  We expect many private sector organisations to introduce the requirement as well.

Cyber Essentials requires sound basic information security hygiene measures, which when implemented properly can significantly reduce risk of vulnerability to cyber threats.

Applicable to organisations of any size or type the scheme has five critical controls.  These are:

  1. Boundary firewalls and internet gateways - these are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective.
  2. Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organisation
  3. Access control – Ensuring only those who should have access to systems to have access and at the appropriate level.
  4. Malware protection – ensuring that virus and malware protection is installed and is it up to date
  5. Patch management – ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor been applied.


There are two levels of assessment and certification, Cyber Essentials (CE) and Cyber Essentials Plus (CE+).

CE assessment is a self assessment application based approach.  This involves completing a standard questionnaire confirming approaches taken by your company and will need to be countersigned by a director stating that all actions have been taken. False claims may be deemed fraudulent, invalidate insurance and possibly give rise to prosecutions.  Once completed the application requires submitting to Centre for Assessment when one of our team will review the content.  If everything is in order we will submit this to QG Standards to issue your certificate. In some cases we may ask for additional information before submitting for certification.

Costs: £300 + VAT

CE + Assessment is a higher level assessment and is anticipated to be the one most people will require, this still involves the self assessment application followed by a verification visit to your premises to verify the information provided on the form and a vulnerability scan (maybe on/off site.). You will also get a report detailing potential areas to improve security of your information.

Download the single person homeworker questionnaire

Download the questionnaire (all other applicants)


  • Complies with public sector tender requirements
  • Reduced risk of cyber attacks
  • Helps learning on potential information security risks
  • Tests systems for vulnerability of attacks – CE +
  • Gives report on actions required to safeguard information – CE +
  • Helps Keeps data secure
  • Free cyber security insurance for those under £20m turnover
  • Compliments ISO 27001 Information Security Management System
  • Offers a good stepping stone towards ISO 27001 certification

As an additional benefit, CFA can provide a gap analysis against or carry out a joint audit with the ISO 27001 standard. Please contact one of the team on or 0161 237 4080