Cyber Essentials
Help prevent external cyber threats
Help prevent external cyber threats

Cyber Essentials is a UK Government standard for technical controls to help organisations improve the level of IT infrastructure security

This scheme is designed to prevent highly common internet-based attacks which allows organisations to protect the confidentiality, integrity, and availability of stored data on devices on all internet-facing devices.

More information

Accreditation is recommended for any company that stores both company and client data, is governed by GDPR requirements, or simply has a desire to improve their IT infrastructure security.

As it is a Government-mandated scheme, any organisation looking to tender for work with a public-sector body will be required to have met the Cyber Essentials standard and is an increasingly more common requirement for tender applications in the private sector.

In addition to this, heavily regulated industries like Medical, Legal and Financial, where more sensitive client data is stored, may wish to use the Cyber Essentials framework to help with compliance.

In the legal sector, The Law Society references Cyber Essentials as a “should have” in both their Lexcel and CQS Management Frameworks.

The Cyber Essentials Controls

Cyber Essentials requires only basic information security hygiene measures to be in place, which when implemented correctly, will significantly reduce the level of vulnerability to external cyber-attacks.
Applicable to organisations of any shape and size; the scheme has 5 critical controls

  1. Secure information
  2. Firewalls
  3. Access control
  4. Malware protection
  5. Patch management
Three levels of support

Centre for Assessment offers three levels of assessment and certification for the Cyber Essentials scheme. Each assessment type offers different benefits and is applicable to a wide range of companies and industries. 

  1. Cyber Essentials Basic is a self-assessment driven scheme, whereby applicants review their IT infrastructure via an application document. Once completed, this is then returned to Centre for Assessment for review. This scheme is recommended for smaller businesses looking for entry-level cyber protection compliance.
  2. Cyber Essentials Plus offers a much more comprehensive assessment, whereby applicants complete and return a more in-depth application document, which assesses IT infrastructure in greater detail. This assessment type also involves penetration testing, mobile device testing and on-site assessment by an ACE registered assessor, who will access the required network and test for any weaknesses or vulnerabilities that may not have been previously found. A full, comprehensive report is then given to the client to highlight findings during the assessment, and any improvements that need to be made to ensure quality Cyber Security. This is then reviewed by the assessor and certification can then be awarded pending results.
  3. The new EXTRA scheme covers all the important details of both the Basic and Plus levels of assessment, however, this also includes a full pre-assessment evaluation of client systems, which is then fully reported on. We then work with clients to help improve and manage systems from the findings of the pre-assessment and help to ensure that any issues are rectified. Once satisfied, you would then be assessed under the scheme rules, following the same process as Cyber Essentials PLUS. If for any reason the standard is not met, this level of assessment will also cover a FREE re-assessment to ensure that clients are given ampler opportunities to ensure that their systems meet the scheme rules. This is recommended for companies that are looking to ensure that they meet the standard with as much support and information as available.


Request a Quote

Select all relevant areas

Contact Us

Contact Us

Find out more:

Application process

To get started, please download an application form here. 

Tips on completion:

  1. Take a look through all of the questions on the application form, highlighting any that you or anyone else in your organisation do not feel you can confidently answer. Please avoid any “Yes/No” answers to any of the questions.
  2. Put down a suggested answer that you feel may meet the standard’s requirements to all questions that you have highlighted.
  3. Send these in an email to who will be on-hand to go through this with you either via email or over the phone, making sure you have no issues completing your Cyber Essentials application form.

Accreditation process

  1. Contact Centre for Assessment to discuss which version of the Standard is right for your organisation.

  2. Complete application form.
    Return form, highlighting the package required.

  3. Application is then sent off for assessment.

  4. Pending results, certificates are sent both physically and digitally.

  5. The client receives branding guidelines for marketing use.

  6. Added to register of accredited Cyber Essentials companies.

Accreditation support

  • We have ACE registered technicians available during office hours to help advise and support clients through the application process.

  • We run a range of in-house training and attend exhibitions throughout the year, making us available for clients to learn more about the requirements.

  • We have a huge network of Cyber Essentials consultants available to offer support for clients who are anything from technophobes to experts.

  • We have FAQ documents, as well as Business Development Executives available to help support any questions you may have.
Blogs and Case Studies
Related Services
ISO 22301 - Business Continuity Management
ISO 22301 builds such contingencies into the routine responsibilities of every manager and is designed to keep your business going during the most challenging and unexpected circumstances.
General Data Protection Regulation or GDPR as it more commonly known, is a new EU regulation that will be imposed as of 25th May 2018 to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting…