Cyber Essentials Plus

why choose cyber sense

penetration (1)

NCSC Assured Service Provider

Recognised by the NCSC for excellence in cybersecurity advisory and implementation.


Experience Certifying Organisations

Extensive expertise in guiding diverse organisations to achieve Cyber Essentials certification.


Simplified & Effective Approach

Delivering straightforward, effective advice to help organisations achieve Cyber Essentials.

penetration (1)

Proven Track Record of Success

Consistent success in enhancing clients' cybersecurity resilience and compliance.

Cyber Essentials Plus

Cyber Essentials Plus Asssement

As an accredited Cyber Essentials Plus Certification Body, Cyber Sense are equipped to conduct your Cyber Essentials Plus Audit with meticulous precision.

Our auditors are not only friendly and approachable but also highly skilled in their field.

Should your organisation face challenges in passing the initial audit, we provide a detailed report with actionable advice, ensuring you have the guidance needed to succeed in the retest.

Cyber Essentials Plus FAQ

Cyber Essentials Plus is a higher level of assurance than Cyber Essentials. It involves a technical audit of the systems that are in-scope for Cyber Essentials. This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users. 

The assessor will test a suitable random sample of these systems and complete a series of observations to determine the outcome.

Simply put, Cyber Essentials is where the applicant says what they do. Cyber Essentials Plus is verification of the self-assessment. This is conducted by an auditor remotely or in-person.

You have 90 days to pass Cyber Essentials Plus. This time frame includes any retests.

There are seven tests involved for Cyber Essentials Plus.

  1. A Remote Vulnerability Assessment.
  2. Vulnerability Scan of a selection of devices.
  3. Malware Checks against the computers delivered via email and the web browser.
  4. Check Multi-Factor Authentication is enabled for Administrators and Users.
  5. Check Account Separation to ensure no users are local admins.

For further information, a detailed Cyber Essentials Plus: Illustrative Test Specification can be found here.

If you fail Cyber Essentials Plus first time, you have 30 days to remediate any issue providing it falls within the 90 days since you passed the Cyber Essentials Self Assessment.


Part of our offering, we will provide you with a detailed report of where your business failed with actionable advice on how to remediate these issues.


If you fail Cyber Essentials Plus 30-days later, then you will need to reapply for Cyber Essentials Self-Assessment once more.

The most challenging aspect of Cyber Essentials Plus is to ensure all high risk or critical updates are applied with 14-days. 

As a result, we recommend conducting a vulnerability scan prior to taking the assessment. This enables a business to have an actionable remediation plan for updates that may have slip through the net.

Equally, if there are any major non-conformities, then the IT can remediate these issues at their own pace.

Cyber Essentials Plus, along with Cyber Essentials, must be renewed every year to remain certified.

Benefits of Cyber Essentials Plus

Protect Against Basic Cyber Attacks

Shields from common threats, enhancing a businesses cybersecurity posture

Build Customer Trust and Confidence

Increases customer confidence through demonstrated commitment to cybersecurity measures.

Enhance Opportunities for New Business

Opens doors for new ventures by showcasing robust security practices.

Essential for Securing Government Contracts

Critical requirement for eligibility in lucrative government contract bidding.

Advanced Assurance with Cyber Essentials Plus

Offers a higher level of security assurance, validating more stringent cybersecurity practices.

Detailed Insight into Security Posture

Provides comprehensive understanding of current security strengths and weaknesses.