Cyber Essentials Plus Checklist and quote request


Cyber Essentials Plus Checklist logo

Cyber Essentials Plus is achieved by following the following this Cyber Essentials Plus Checklist which starts by downloading the scope and quotation form to help us to assess the costs involved in performing an on-site (or remote) vulnerability assessment.

The Beacon test specification will be followed for all those who certified to Cyber Essentials using the Beacon Questionnaire Set – i.e. all Cyber Essentials Basic accounts that were created on the portal before 24th January 2022 will be tested using the Beacon CE Plus Test Specification. Clients who require a copy of this Test Specification should contact us.

Those accounts created after January 24th 2022 must follow the Evendine specification

Before the assessment takes place, you must submit responses on the Cyber Essentials portal to achieve Basic level (or have achieved Basic level no more than three months before achieving Plus). A login would be sent to you as part of the Cyber Essentials Plus process and the cost of assessment and Certification at Basic level would be included with Cyber Essentials Plus.

Cyber Essentials Plus checklist overview

1. Documentation

  • Complete the Asset Declaration form (we will send this to you ahead of the test). 
  • Upload the form at least two weeks before assessment 
  • Submit Cyber Essentials Basic on the portal at least one week before assessment

2. Preparation

  • Download and install Scanning software (if opting for a remote test) 
  • Provide contact details for your assessment technical lead  
  • Grant permission for external scans  
  • Arrange for agreed sample set of computers to be available for assessment

3. Prep Call

  • Prep call with assessor to check everything is in place for the assessment. The Prep document must be read ahead of the call 

 4. Assessment

  • Assessment day 
  • In the event of a failure, provide evidence of remediation and arrange retest within a month. Retests are free if they can be conducted remotely and take no longer than one hour to confirm. Otherwise, retest costs start from £400 plus VAT (if it is within one month). 
  • If a retest is not completed within a month, a full repeat assessment and re-quote is required 

5. Certificate Issued 

What is Cyber Essentials?

Cyber Essentials has been developed as part of the UK’s National Cyber Security Programme and aims to encourage businesses of any size to take steps towards achieving a baseline of cyber security.

It is believed that implementing the required controls could shield companies from up to 80% of the common threats from the internet.

Adopting Cyber Essentials has become a major requirement to win business in many sectors. For example, the government requires certain suppliers bidding for some contracts to be Cyber Essentials certified.

The scheme is applicable all private sector organisations, universities, charities, and public sector organisations. It is backed by industry including the Federation of Small Businesses, the CBI.

A company can gain the relevant Cyber Essentials badges: “Cyber Essentials” and “Cyber Essentials Plus”. These badges allow a company to advertise the fact that it adheres to a government endorsed standard.

Cyber Essentials Certification is achieved after a self assessment is submitted for review to a Certification Body with the approval of a senior director, stating that all the criteria has been met.

The key areas include secure configuration of firewalls and other devices capable of connecting to the internet, user access control, use of anti-virus software and the need to keep operating systems and programs up to date.

Cyber Essentials Plus requires the company to pass an onsite or remote vulnerability assessment performed by the Certification Body. Following the cyber essentials plus checklist on this page will help the certification process run more smoothly.