Cyber Essentials and Cyber Essentials Plus – FAQs

Cyber Essentials – How do I become certified?

When applying for Cyber Essentials, please pay in the shop to receive a login to the assessment portal.

All responses must ultimately be entered into an online portal to achieve certification.

How long does Cyber Essentials Certification last?

It is generally accepted that companies should recertify within 12 months – but any certificates issued before 1 April 2020 don’t actually have an expiry date. It has always been up to the procurement department of any company that requires you to hold a Cyber Essentials certificate whether they will accept an extended time-frame for their latest certificate to be completed. From July 2021, all certificates will have an expiration date of 1 year from certification.

What is the difference between Cyber Essentials and Cyber Essentials Plus Certification?

Cyber Essentials is a self-assessment exercise. Answers you give are assessed and clarifications are issued as required. Cyber Essentials Plus involves, in most cases, a technical audit at your premises. We use scanning software called Nessus to look for weaknesses in externally accessible ports and services that could make your company vulnerable, as well as checking that key software is correctly patched. In short, the Plus Certification offers a higher level of assurance.

How long does it take to get Cyber Essentials Certification?

With Indelible Data, you could receive your certificate in as little as 24 hours by using our expedited service. How quickly you achieve the Certification, however, depends on how quickly you can meet the requirements should we request clarifications.

For Plus certification, please allow 4-8 weeks depending upon availability.

How much do Cyber Essentials and Cyber Essentials Plus cost?

We charge £300+VAT for assessment and Certification.

The Pre-assessment check service costs £495+VAT.

The cost for Cyber Essentials Plus starts from £1300+VAT.

What is an ACE Practitioner?

ACE Practitioners are trained and accredited by Cyber Essentials Accreditation Body QG Management Standards, assisted by Indelible Data, to help companies implement the requirements of the standard. You can find a list of Practitioners here.

Where do I get the Cyber Essentials Questionnaire?

Download the questionnaire here. Note, however, that all questions must be answered on the online portal. The spreadsheet is for reference only and can help to divide work up between teams.

Cyber Essentials checklist

  • Make sure the questionnaire declaration is signed by a board-level officer
  • Ensure all “process” questions describe an initiator (who requests it), an implementer (who does the task), and someone who checks the work has been done.
  • Answer every question
  • Ensure operating system versions and editions are included (such as “Windows 10 Pro 2004” – rather than saying “Windows 10”)
  • Seek assurances where required – don’t guess! Ask home users whether they have changed the default passwords on their routers, check that your antivirus is up to date, etc.
  • Ensure your mobile devices are capable of running the latest OS – and update to a supported version where necessary. If Apple is treating your iPhone 5 as legacy (which it is), even though patches are sometimes being released, it will be classed as a fail for Cyber Essentials.
  • Identify all relevant networks – remember a home worker’s router is in scope of the responses if they work from there for over 50% of their time. This is likely to be the majority of respondents during the pandemic if they have been forced to work from home.
  • We much prefer the “whole organisation” to be in scope – but understand there are sometimes valid reasons for wanting to descope parts of the business. Read the free guide (link below) to help you successfully do this.

For further information – please read our comprehensive free guide