Cyber Essentials Plus
Why Choose Cyber Sense
NCSC Assured Service Provider
Recognised by the NCSC for excellence in cybersecurity advisory and implementation.
Experience Certifying Organisations
Extensive expertise in guiding diverse organisations to achieve Cyber Essentials certification.
Simplified & Effective Approach
Delivering straightforward, effective advice to help organisations achieve Cyber Essentials.
Proven Track Record of Success
Consistent success in enhancing clients' cybersecurity resilience and compliance.
Cyber Essentials Plus Assessment
As an accredited Cyber Essentials Plus Certification Body, Cyber Sense are equipped to conduct your Cyber Essentials Plus Audit with meticulous precision.
Our auditors are not only friendly and approachable but also highly skilled in their field.
Should your organisation face challenges in passing the initial audit, we provide a detailed report with actionable advice, ensuring you have the guidance needed to succeed in the retest.
Cyber Essentials Plus FAQ
Cyber Essentials Plus is a higher level of assurance than Cyber Essentials. It involves a technical audit of the systems that are in-scope for Cyber Essentials. This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users.
The assessor will test a suitable random sample of these systems and complete a series of observations to determine the outcome.
Simply put, Cyber Essentials is where the applicant says what they do. Cyber Essentials Plus is verification of the self-assessment. This is conducted by an auditor remotely or in-person.
You have 90 days to pass Cyber Essentials Plus. This time frame includes any retests.
There are seven tests involved for Cyber Essentials Plus.
- A Remote Vulnerability Assessment.
- Vulnerability Scan of a selection of devices.
- Malware Checks against the computers delivered via email and the web browser.
- Check Multi-Factor Authentication is enabled for Administrators and Users.
- Check Account Separation to ensure no users are local admins.
For further information, a detailed Cyber Essentials Plus: Illustrative Test Specification can be found here.
If you fail Cyber Essentials Plus the first time, you have 30 days to remediate any issues, provided this falls within the 90 days since you passed the Cyber Essentials Self Assessment.
As part of our offering, we will provide you with a detailed report of where your business failed, with actionable advice on how to remediate these issues.
If you fail Cyber Essentials Plus again 30 days later, you will need to reapply for the Cyber Essentials Self-Assessment.
The most challenging aspect of Cyber Essentials Plus is ensuring that all high-risk or critical updates are applied within 14 days.
As a result, we recommend conducting a vulnerability scan prior to taking the assessment. This gives a business an actionable remediation plan for updates that may have slipped through the net.
Equally, if there are any major non-conformities, the IT team can remediate these issues at their own pace.
Cyber Essentials Plus, along with Cyber Essentials, must be renewed every year to remain certified.