Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Quality Policy
    • Security Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us

Cyber Essentials Certification

Cyber Essentials certification demonstrates that your organisation complies with a government-backed cybersecurity standard.

Cyber Essentials is a UK government-led scheme that was originally launched in 2014 as an assessment strategy to accompany the NCSC (National Cyber Security Centre) “10 Steps to Cyber Security” publication.

The scheme provides an accessible way for companies and organisations of all sizes to demonstrate their commitment to cybersecurity through a recognised and government-backed standard.

What does Cyber Essentials cover?

Within the Cyber Essentials scheme, there are five control categories which cover the five most-prominent cyber risks that affect organisations. These controls include the following:

Firewall Security

A firewall should be in place between the Internet and your organisation’s internal network. This firewall should be securely configured and be reviewed regularly.

Secure Configuration

Devices and software should be configured securely to prevent them from being compromised by a malicious user or malware. Default passwords should be changed, and all passwords should be suitably complex to prevent them from being guessed. All unnecessary software should be removed from end-user devices.

User Access Control

Access to your organisation’s data should be controlled through correctly assigned user accounts. Administration privileges should be tightly controlled, and administrative rights should only be granted to users who have a genuine, business need for this level of access.

Malware Protection

A robust anti-malware solution should be applied to prevent servers and end-user devices from being infected with malicious software. Cyber Essentials allows this to be achieved through conventional anti-virus software, application white-listing or by running applications in “sandboxed” environments.

Patch Management

All security updates and patches should be applied to devices and installed software. This ensures that security vulnerabilities are fixed and reduces the likelihood of devices and applications being compromised by a malicious user or malware.

Cyber Essentials Certification

Cyber Essentials certification demonstrates a base-level appreciation of cyber security within your organisation. The assessment process comprises of an online questionnaire being completed by the organisation, which captures information that supports the five controls being in place. Once the questionnaire has been submitted, an accredited Cyber Essentials assessor examines the responses to ensure that these are line with the list of requirements produced by the NCSC (National Cyber Security Centre). If successful, the organisation will be awarded Cyber Essentials certification.

Cyber Essentials Plus Certification

Cyber Essentials Plus builds on the requirements that are mandated by the Cyber Essentials certification and includes an active assessment that is conducted at your organisations premises. The Cyber Essentials Plus assessment requires that organisations already have Cyber Essentials certification and includes a number of specific tests which validate that a subset of the five control categories are implemented correctly.

A successful pass in each of the following tests allows for organisations to be awarded the Cyber Essentials Plus certification:

External Vulnerability Assessment

A vulnerability assessment is conducted against your organisation’s Internet-facing services. This is to ensure there are no vulnerabilities present in these services, which could allow them to be compromised by an Internet-based attacker.

Internal Patch Audit

An automated patch audit is conducted on your internal servers and workstations. This is to ensure that all critical-rated patches have been applied.

Review of Malware Protection

A configuration review is conducted of your anti-malware solution, to ensure that it has been installed correctly and offers a high degree of protection.

Email-based Malware Assessment

A test is conducted to assess if malicious files can be sent into your organisation through email attachments. This is achieved by sending a small number of malign, test files into some of your organisation’s email accounts from our server.

Web-based Malware Assessment

A test is conducted to assess if malicious files can be downloaded by your users from a potentially malicious server on the Internet. This is achieved by attempting to download a small number of malign, test files from our server to some of your organisation’s workstations.

What are the benefits of Cyber Essentials certification?

Obtaining Cyber Essentials certification provides assurance to your customers & stakeholders that your organisation has a baseline appreciation of cyber security. Cyber Essentials is a requirement for many UK public sector contracts, therefore achieving Cyber Essentials certification increases your eligibility to tender for sales into UK government departments.

Organisations who are awarded Cyber Essentials and Cyber Essentials Plus certification are provided with a certificate from our Accreditation Body and a logo toolkit which allows the Cyber Essentials logos to be used on the organisation’s website and in company documentation.

Displaying the Cyber Essentials logo to your customers and prospects provides a visible way to instil confidence in your organisation’s compliance with a recognised cybersecurity standard. It is also possible for customers to verify your Cyber Essentials certification through the NCSC website, therefore providing an additional layer of authenticity to your certification.

Why choose SecureTeam?

SecureTeam are an accredited Certification Body with the ability to perform both Cyber Essentials and Cyber Essentials Plus assessments on your organisation.

All of our Cyber Essentials assessments are conducted by our senior cybersecurity consultants, who have a strong technical background and are trained directly by our Accreditation Body.

We pride ourselves in partnering with our customers to provide guidance and support throughout the certification process. We want to ensure you are fully equipped before we perfom your assessment, so that we can maximise your chances of passing first time.

Our online booking system allows us to provide a quick turnaround on your assessment, while our dedicated consultancy team are on hand to answer any questions you may have before, during and after the certification process.

Book your Cyber Essentials assessment today

If you’re ready to get started with your Cyber Essentials certification, you can book your assessment with a debit or credit card through our online booking system. Our online payments are securely processed by our 3rd-party payment provider – Stripe.

Our Cyber Essentials assessments are priced as follows:

Cyber Essentials

From £300

Cyber Essentials Plus

From £1350

To book your Cyber Essentials or Cyber Essentials Plus assessment with us, please complete the following form:

If you’d like to speak with someone before making your booking or you’d like more information on the Cyber Essentials scheme, please get in touch and we’ll arrange a time for us to discuss your requirements further.

FAQs

Some frequently asked questions about our assessment process and the Cyber Essentials scheme in general have been answered as follows:

How does Cyber Essentials rank against other security standards like ISO 27001 ?

While the Cyber Essentials scheme provides a good baseline of cybersecurity, it does not go into the same level of detail as other security standards such as ISO 27001.

Cyber Essentials is a great way for organisations who may have no cybersecurity certification, to begin taking steps into formalising their cyber resilience into a recognised accreditation.

Many of our customers who have achieved Cyber Essentials & Cyber Essentials Plus certification have gone on to achieve ISO 27001; however, the approach to achieving ISO 27001 requires many procedural and technical controls to be in place which would not be covered by Cyber Essentials alone.

How quickly can our organisation become certified ?

The Cyber Essentials process requires you to complete an online questionnaire which asks a number of questions and requires appropriate evidence to be added. Once this questionnaire has been completed, one of our assessors will review the answers to determine if your organisations cybersecurity is adequate.

We aim to issue our questionnaires to customers on the same day that we receive the online booking and then review the answers on the same day that we receive a completed questionnaire. Although it is very much dependant on our customers completing the questionnaires, we can usually turn around a Cyber Essentials certification in less than a week.

For Cyber Essentials Plus assessments, this depends on our consultants availability to perform the onsite assessment; however, we are normally able to deliver a Cyber Essentials Plus assessment within a 2-3 week window.

We already have Cyber Essentials from a different Certification Body. Can we do Cyber Essentials Plus with SecureTeam?

Absolutely! Many of our customers have already achieved Cyber Essentials elsewhere and are looking into obtaining Cyber Essentials Plus. It may be that your previous Certification Body couldn’t offer you the Cyber Essentials Plus certification.

Once we start the assessment process, we will ask you to send us your existing Cyber Essentials certificate. We may also need to ask you some additional questions about your organisation and environment, which would otherwise have been answered on your original CE questionnaire.

information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Wireless Network Penetration Test
      • Vulnerability Assessment
      • Network Segregation Test
      • Voice over IP (VoIP) Penetration Test
    • Application Testing
      • Web Application Penetration Test
      • Mobile Application Penetration Test
      • Desktop Application Security Assessment
      • Citrix Breakout Test
    • Configuration Review
      • Windows Server Build Review
      • Linux Server Build Review
      • Citrix Configuration Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials
  • News
  • Articles
  • About
    • About SecureTeam
    • STORM Appliances
      • Installing a STORM Device
      • Returning a STORM Device
    • White-Label Consultancy
    • Jobs
    • Cookie Policy
    • Quality Policy
    • Security Policy
    • Privacy Notice
    • Website Terms & Conditions
  • Contact Us
SecureTeam