Cyber Essentials and Cyber Essentials Plus – FAQs

Cyber Essentials – How do I become certified?

When applying for Cyber Essentials Basic, please select the size of company and package required here to make payment and receive a login to the assessment portal.

All responses must ultimately be entered into an online portal to achieve certification.

How long does Cyber Essentials Certification last?

Certificates are valid for 1 year

What is the difference between Cyber Essentials Basic and Cyber Essentials Plus Certification?

Cyber Essentials Basic is a self-assessment exercise. Answers you give are assessed and clarifications are requested as required. Cyber Essentials Plus involves, in most cases, a technical audit conducted remotely or at your premises. We use scanning software called Nessus to look for weaknesses in externally accessible ports and services that could make your company vulnerable, as well as checking that key software is correctly patched. In short, the Plus Certification offers a higher level of assurance.

How long does it take to get Cyber Essentials Certification?

With Indelible Data, you could receive your certificate in as little as 24hrs by using our GOLD service. How quickly you achieve the Certification however depends on how quickly you can meet the requirements should we request clarifications.

For Plus certification, please allow 4-8 weeks depending upon availability.

How much does Cyber Essentials and Cyber Essentials Plus cost?

In January 2022, the NCSC introduced a tiered pricing structure dependant on the size of the applicant company. We also offer different packages depending on the service level required.

For a Micro company, prices are:

BRONZE service £300+VAT for assessment and Certification.

SILVER service including access to the Cyber Essentials Guide to Passing First Time and 48hr assessment

GOLD service including access the to Cyber Essentials Guide to Passing First Time; a pre-assessment check and hour long call with assessor £500+VAT.

The full pricing structure can be seen here

The cost for Cyber Essentials Plus starts from £1500+VAT.

What is an ACE Practitioner?

ACE Practitioners are trained and accredited by QG Management Standards, assisted by Indelible Data, to help companies implement the requirements of the standard. You can find a list of Practitioners here

Where do I get the Cyber Essentials Questionnaire?

Download the questionnaire here. But all questions must be answered on the online portal. The spreadsheet is for reference only and can help to divide work up between teams.

Cyber Essentials checklist

  • Make sure the submission is approved by a board-level officer
  • Ensure all “process” questions describe an initiator (who requests it), an implementer (who does the task), and a someone who checks the work has been done.
  • Answer every question
  • Ensure Operating system versions and editions are included (such as “Windows 10 Pro 2009” – rather than saying “Windows 10”)
  • Seek assurances where required – don’t guess! Ask home users if they have changed default passwords to routers, check your Antivirus is up to date etc
  • Ensure your mobile devices are capable of running the latest OS – and update to a supported version where necessary. If Apple is treating your iPhone 5 as legacy (which it is), even though patches are sometimes being released, it will be classed as a fail for Cyber Essentials.
  • Identify all relevant networks
  • We much prefer the “whole organisation” to be in scope – but understand there are sometimes valid reasons for wanting to descope parts of the business. Read the free guide (link below) to help you successfully do this.

For further information – please purchase our comprehensive guide which is included with the SILVER and GOLD services or is available for £50+VAT here