Cyber Essentials
Get certified against cyber security controls to protect your data
Get certified against cyber security controls to protect your data

The Cyber Essentials scheme was launched in 2014 to promote cyber safety measures to ensure the safe handling, processing and storage of data for all businesses within the public supply chain. Substantial growth within the public sector has meant that the scheme is now a mandatory requirement in Scotland, as part of the Public Sector Cyber Resilience Plan, which requires all public bodies to put cybersecurity measures in place across their organisations.

More information

Accreditation is suitable for all companies in any sector who handle client information and have a desire to increase their IT infrastructure security throughout their business.
Companies who look to implement the Standard work in sectors including legal, marketing, IT, manufacturing, E-commerce and medical.

Companies who implement the Cyber Essentials scheme show their ongoing commitment to fighting cyber-crime and give their clients confidence in their practices when handling and storing data. The Standard is also a valuable tool for contract tender applications.

In addition to this, Cyber Essentials is now listed as one of the key elements involved with Lexcel V6.1 for legal practices throughout the UK.

The Cyber Essentials Controls

Cyber Essentials requires sound basic information security hygiene measures, which when implemented properly can significantly reduce the risk of vulnerability to cyber threats.
Applicable to organisations of any size or type the scheme has five critical controls.

Three levels of support

Centre for Assessment offers three levels of assessment and certification for the Cyber Essentials scheme. Each assessment type offers different benefits and is applicable to a wide range of companies and industries. 

Take a look at the table below to see which level of support suits your needs.



Find out more:

Cyber Essentials Basic

Cyber Essentials Basic is a self-assessment driven scheme, whereby applicants review their IT infrastructure via an application document. Once completed, this is then returned to Centre for Assessment for review. This scheme is recommended for smaller businesses looking for entry-level cyber protection compliance.

Cost: £300.00 + VAT

Cyber Essentials Plus

Cyber Essentials Plus offers a much more comprehensive assessment, whereby applicants complete and return a more in-depth application document, which assesses IT infrastructure in greater detail. This assessment type also involves penetration testing, mobile device testing and on-site assessment by an ACE registered assessor, who will access the required network and test for any weaknesses or vulnerabilities that may not have been previously found. A full, comprehensive report is then given to the client to highlight findings during the assessment, and any improvements that need to be made to ensure quality Cyber Security. This is then reviewed by the assessor and certification can then be awarded pending results.

Cost: £2,500.00 + VAT

Cyber Essential EXTRA

The new EXTRA scheme covers all the important details of both the Basic and Plus levels of assessment, however, this also includes a full pre-assessment evaluation of client systems, which is then fully reported on. We then work with clients to help improve and manage systems from the findings of the pre-assessment and help to ensure that any issues are rectified. Once satisfied, you would then be assessed under the scheme rules, following the same process as Cyber Essentials PLUS. If for any reason the standard is not met, this level of assessment will also cover a FREE re-assessment to ensure that clients are given ampler opportunities to ensure that their systems meet the scheme rules. This is recommended for companies that are looking to ensure that they meet the standard with as much support and information as available.

Cost: £3,250.00 + VAT

Accreditation process

  1. Contact Centre for Assessment to discuss which version of the Standard is right for your organisation.

  2. Complete application form.
    Return form, highlighting the package required.

  3. Application is then sent off for assessment.

  4. Pending results, certificates are sent both physically and digitally.

  5. The client receives branding guidelines for marketing use.

  6. Added to register of accredited Cyber Essentials companies.

Accreditation support

  • We have ACE registered technicians available during office hours to help advise and support clients through the application process.

  • We run a range of in-house training and attend exhibitions throughout the year, making us available for clients to learn more about the requirements.

  • We have a huge network of Cyber Essentials consultants available to offer support for clients who are anything from technophobes to experts.

  • We have FAQ documents, as well as Business Development Executives available to help support any questions you may have.
Blogs and Case Studies
Related Services
ISO 27001 - Information Security Management
In an increasing technology-dependent business world, robust information security is vital to manage and minimise risks of exposure to cyber attacks and ensure that confidential client information is protected. Cyber attacks and data fraud/theft are listed in the top ten risks to companies in the World Economic Forum Global Risk Report 2018.
ISO 22301:2012 - Business Continuity Management
ISO 22301 builds such contingencies into the routine responsibilities of every manager and is designed to keep your business going during the most challenging and unexpected circumstances.
General Data Protection Regulation or GDPR as it more commonly known, is a new EU regulation that will be imposed as of 25th May 2018 to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting…