Cyber Essentials and Cyber Essentials Plus – FAQs

Cyber Essentials – How do I become certified?

When applying for Cyber Essentials, please pay in the shop to receive a login to the assessment portal.

All responses must ultimately be entered into an online portal to achieve certification.

How long does Cyber Essentials Certification last?

Certificates are valid for 1 year

What is the difference between Cyber Essentials and Cyber Essentials Plus Certification?

Cyber Essentials is a self-assessment exercise. Answers you give are assessed and clarifications are requested as required. Cyber Essentials Plus involves, in most cases, a technical audit at your premises. We use scanning software called Nessus to look for weaknesses in externally accessible ports and services that could make your company vulnerable, as well as checking that key software is correctly patched. In short, the Plus Certification offers a higher level of assurance.

How long does it take to get Cyber Essentials Certification?

With Indelible Data, you could receive your certificate in as little as 24hrs by using our GOLD service. How quickly you achieve the Certification however depends on how quickly you can meet the requirements should we request clarifications.

For Plus certification, please allow 4-8 weeks depending upon availability.

How much does Cyber Essentials and Cyber Essentials Plus cost?

BRONZE service £300+VAT for assessment and Certification.

SILVER service including access to the Cyber Essentials Guide to Passing First Time and 48hr assessment

GOLD service including access the to Cyber Essentials Guide to Passing First Time; a pre-assessment check and hour long call with assessor £500+VAT.

The cost for Cyber Essentials Plus starts from £1300+VAT.

What is an ACE Practitioner?

ACE Practitioners are trained and accredited by QG Management Standards, assisted by Indelible Data, to help companies implement the requirements of the standard. You can find a list of Practitioners here

Where do I get the Cyber Essentials Questionnaire?

Download the questionnaire here. But all questions must be answered on the online portal. The spreadsheet is for reference only and can help to divide work up between teams.

Cyber Essentials checklist

  • Make sure the questionnaire declaration is signed by a board-level officer
  • Ensure all “process” questions describe an initiator (who requests it), an implementer (who does the task), and a someone who checks the work has been done.
  • Answer every question
  • Ensure Operating system versions and editions are included (such as “Windows 10 Pro 2004” – rather than saying “Windows 10”)
  • Seek assurances where required – don’t guess! Ask home users if they have changed default passwords to routers, check your Antivirus is up to date etc
  • Ensure your mobile devices are capable of running the latest OS – and update to a supported version where necessary. If Apple is treating your iPhone 5 as legacy (which it is), even though patches are sometimes being released, it will be classed as a fail for Cyber Essentials.
  • Identify all relevant networks – remember a home worker’s router is in scope of the responses if they work from home some of their time. This is likely to be the majority of respondents during the pandemic if they have been forced to work from home.
  • We much prefer the “whole organisation” to be in scope – but understand there are sometimes valid reasons for wanting to descope parts of the business. Read the free guide (link below) to help you successfully do this.

For further information – please read our comprehensive guide which is included with the SILVER and GOLD services or is available for £50+VAT in our online shop