Skip to Main Content
Get ahead in Cloud security – save 25% on selected training courses. Find out more.
Cyber Essentials Plus Certification

Cyber Essentials Plus Certification

SKU: 5570
Format: Certification (online purchases only)
Availability: Always Available

This service is for organisations that want to achieve Cyber Essentials Plus and have already achieved Cyber Essentials certification within the previous three months. You will need to confirm you hold a valid Cyber Essentials certificate with sufficient time remaining within the three-month window to complete your Cyber Essentials Plus certification. You will need to provide a copy of your Cyber Essentials certificate and passing report.

  • An IASME Cyber Essentials Plus certificate and report from one of the founding certification bodies that remains one of the largest in the UK today.
  • A remote assessment, internal vulnerability scans and an external vulnerability scan that offer a higher level of assurance to your stakeholders that your Cyber Essentials controls are in place.
  • A pre-test call to help you prepare for your assessment.

Cyber Essentials certificates are valid for 12 months, in line with IASME requirements.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account.  Apply online today or call our service centre team on 00 800 48 484 484.

Price: 2.040,00 €
ex. VAT
Description

Cyber Essentials Plus Certification

Upgrade your existing Cyber Essentials certificate by achieving Cyber Essentials Plus certification (conditions apply*).

This service is for organisations that have a high degree of knowledge of all five security controls and are comfortable carrying out all the preparations for certification.


What’s included?

  • Your Cyber Essentials Plus certificate and report.
  • An on-site/remote internal assessment and internal vulnerability scans.
  • An external vulnerability scan.
  • A pre-test call to help you prepare for your assessment.

How the application process works:

  • We confirm your Cyber Essentials certification meets the required criteria and schedule your on-site/remote assessment and a pre-engagement call.
  • We conduct the internal assessment and scans on a sample of your Internet-connected devices, and then provide the results. If there are nonconformities, we will also provide feedback to help you understand how to achieve certification.
  • We schedule your external vulnerability scan.
  • We complete any retests or repeat scans needed.
  • Subject to a positive outcome, you receive your Cyber Essentials Plus certificate and report.
Net Promoter score of +100

Our Cyber Essentials services have an excellent NPS (Net Promoter Score) of +100.


Is this service right for you?

This service is for:

  • Organisations that have recently (within the last three months) achieved Cyber Essentials certification and now want to achieve Cyber Essentials Plus certification; and
  • Organisations that have a high degree of knowledge of all five security controls and are comfortable carrying out all the preparations for testing and certification.

*If you haven’t recently achieved Cyber Essentials certification, you should purchase our Cyber Essentials and Cyber Essentials Plus Certification package.

If you need additional support with your Cyber Essentials Plus certification, you can purchase remote consultancy support by the hour. This service is delivered via email or Microsoft Teams by one of our cyber security experts.


See what our customers think about this service

“Brilliant service from the team who were completely supportive of someone like me who runs a microbusiness and is hopeless with technical stuff. I am so grateful for the handholding and advice you gave me.”

- Caroline

 

“Thanks for all your support, team – really appreciate your assistance in getting us through this in such a short space of time. Couldn’t recommend a better group of folk to work with!”

- Rowan Troy, Six Degrees Technology Group Limited

 

“Amazing Service, very friendly throughout and willing to help you every step through the process.”

- Ian

 

“IT Governance were very helpful and really focussed on what was needed to get the certification and have a more secure setup as part of the process (we did not just get assurance, we improved our assurance process).”

- Karl Axnick, Alscient Ltd

 

“Terry and Dan were extremely helpful, knowledgeable, and provide quick and effective answers to any query I raised.”

- Anonymous

 
Benefits

Benefits of Cyber Essentials Plus certification

Work with the best

IT Governance is one of the founding Cyber Essentials certification bodies and remains one of the largest in the UK today. We have issued more than 6,000 certifications worldwide and our broad range of fixed-priced services has helped thousands of organisations achieve baseline cyber security.

Higher level of assurance

Cyber Essentials Plus offers a higher level of assurance. It involves a technical audit of the systems that are in scope for Cyber Essentials to verify that the Cyber Essentials controls are in place.

The internal and external scans will identify critical vulnerabilities that may lead to a compromise of your infrastructure.

Work with the UK government and MOD

Cyber Essentials Plus will give you the opportunity to work with the UK government and MOD.

Be listed on the National Cyber Security Centre’s database

Cyber Essentials certificates issued in the previous 12 months will be displayed, showing suppliers your commitment to protecting your and your customers’ data.

Conditions

Conditions

Cyber Essentials Plus involves a technical audit of the systems that are in scope for Cyber Essentials. This includes a representative set of end-user devices – workstations and laptops, mobile devices, internal- and external-facing servers, hypervisors, thin clients, BYOD (bring your own device) and other build types used by the organisation. The number of builds is defined by the number of configurations of operating systems such as type, version, edition, etc. If more than one browser or Office suite is used on the end-user devices, each variant will need to be tested for browser downloads and email downloads tests. All end-user workstation and laptop devices will be tested for account separation. All Cloud services in scope for Cyber Essentials will also be tested for MFA (multifactor authentication) or SSO (single sign-on) capabilities where available.

  • This package includes a Cyber Essentials Plus audit at one location on up to ten sample devices. Additional end-user devices – workstations and laptops, mobile devices, internal- and external-facing servers, hypervisors, thin clients, BYOD and other build types used by the organisation – may need to be tested to meet the sampling requirements of the scheme. If you require more than ten devices to be tested, you will need to purchase Cyber Essentials Plus Certification – Additional Device Testing. This testing can be conducted remotely in most instances.
  • If you fail any of the Cyber Essentials Plus testing performed as part of the overall engagement, we will provide you with details of further tests required. Cyber Essentials Plus final reports must be completed no more than 30 days after the start date of the first scans. Any remediation work and required retesting must be completed with sufficient time for QA and generation of the report and certificate within this time frame. These tests will be billed separately.
  • The package includes an external vulnerability scan for up to 16 IP addresses. If you have more than 16 IP addresses, you will need to purchase additional IP packages in packs of 16. If you fail your external scan, a rescan will need to be purchased, plus any additional IP packages that you need to cover the failing IP addresses if you have more than 16 IP addresses.
  • If you ask that testing is undertaken at your business location, additional expenses will be charged to accommodate our consultant’s travel time and costs for the on-site assessment. These will be billed separately.
  • If your Cyber Essentials Plus application is unsuccessful, your Cyber Essentials certification may be revoked.
  • If your Cyber Essentials Plus application is not fully complete within three months from the date of your Cyber Essentials certificate, you will need to repeat your Cyber Essentials certification at full cost.

Pre-test requirements

  • All devices are subject to testing and will be agreed upon before the testing date, including end-user devices – workstations and laptops, mobile devices, internal- and external-facing servers, hypervisors, thin clients, BYOD and other build types used by the organisation – and must be available for testing on the agreed date/during the engagement.
  • All devices within the scope of testing must be devices in use on a day-to-day basis and cannot be built specifically for testing. The same applies for user accounts tested on these devices.
  • Devices must have Internet access, and allow email downloads and browser downloads tests for standard user accounts on end-user devices – workstations and laptops, mobile devices, internal- and external-facing servers, hypervisors, thin clients, BYOD and other build types.
  • All end-user computer devices will be tested for account separation and must only be on a standard user account and must not have local admin privileges.
  • Cloud services in scope for Cyber Essentials will be tested for MFA or SSO if the service provider supports either functionality.
  • An external vulnerability scan will be required for all external-facing assets in scope of Cyber Essentials such as external-facing servers, firewalls, routers, IaaS (Infrastructure as a Service) Cloud, websites, etc. that are hosted or managed by the organisation.
  • An internal vulnerability scan will be required for each sample device in scope of Cyber Essentials including end-user devices – workstations and laptops, mobile devices, servers, hypervisors, thin clients, BYOD and other build types used by the organisation.
  • Internal and external vulnerability scans will be conducted using Qualys Cloud agents. If you require delivery using an alternative method, please discuss this with us at the time of your booking.
    • Qualys Cloud agents: The agents must be installed on the sample set of devices selected for the assessment after the pre-engagement call.

Customer Reviews

top
Risk Assessment
Workshop
- 22 Oct
Loading...