Cyber Essentials – FAQs

The Cyber Essentials scheme is a UK government-backed cyber security certification designed to protect organisations from common cyber threats. Below are the most commonly asked questions about the scheme.

  • What is the Cyber Essentials Scheme?

    It is a government-backed certification helping organisations protect against common cyber threats through five key controls: firewalls, secure configuration, user access control, malware protection, and patch management.

  • What are the benefits of Cyber Essentials certification?

    It is believed that being compliant in all the controls reduces the risk of cyber attack by up to 80 per cent, demonstrates cyber security commitment, enables bidding for government contracts, and includes cyber liability insurance for eligible UK organisations.

  • What’s the difference between Cyber Essentials and Cyber Essentials Plus?

    Basic certification uses a verified self-assessment questionnaire. Plus certification includes an external technical audit of devices, servers, and gateways for greater assurance.

  • Must I pass all questions?

    Non-compliance with some of the questions will result in an automatic failure, whilst responses to other questions may cause a failure through accumulation. We cannot divulge which questions relate to which type of failure. We therefore recommend aiming to be compliant in all the responses.

  • Is Cyber Essentials certification mandatory?

    Whilst it is not mandatory, it is required for many UK government contracts, especially those handling sensitive or personal data. Many companies are beginning to mandate compliance throughout their supply chains.

  • How long is a Cyber Essentials certificate valid?

    12 months, with annual renewal recommended (and often mandatory) to fulfil contractual obligations.

  • What does the Cyber Essentials assessment process involve?

    Complete a self-assessment questionnaire, signed off by a board member, submitted online, and reviewed by an assessor. Results are typically returned within 1-5 days depending upon the level of service purchased.

  • Can I prepare for the assessment in advance?

    Yes, download the free question set from our website to prepare answers and identify compliance gaps. We also offer detailed guidance in our exclusive Cyber Essentials to passing first time.

  • What happens if I fail the Cyber Essentials assessment?

    You receive feedback on non-compliant areas, and resubmission requirements range from 1 retry within 10 working days up to unlimited attempts, depending upon the package purchased.

  • Does Cyber Essentials protect against all cyber threats?

    No, it protects against roughly 80% of common threats (e.g., malware, phishing). It’s a baseline; consider standards like ISO 27001 for broader protection.

  • Who can apply for Cyber Essentials certification?

    Any organisation, regardless of size or sector, can apply, including businesses, charities, and public sector entities.

  • What are the five technical controls of Cyber Essentials?

    Firewalls, secure configuration, user access control, malware protection, and patch management.

  • Do I need an IT expert to complete Cyber Essentials?

    Not necessarily, but basic IT knowledge is helpful. Many organisations complete it internally, though consultants can assist for complex setups. Please see our list of Trusted Partners who may help with your submission.

  • How long does it take to get certified?

    Preparation varies (days to weeks), but the assessment process typically takes 1-5 days for results after submission.

  • Can I certify part of my organisation?

    Yes, you can certify a specific scope (i.e. networks), but insurance is only included when certifying the entire organisation.

  • How does Cyber Essentials align with other standards?

    It is a foundational step that aligns with standards like ISO 27001 or IASME Cyber Assurance but focuses on basic, essential controls for smaller organisations.