Cyber Essentials Basic vs Cyber Essentials Plus
The Cyber Essentials certification is available at two levels: the Basic self-assessment and the more in-depth, audited Plus version. Many businesses still don’t fully understand the differences between the two and how each affects the business.
Cyber Essentials Basic
The basic Cyber Essentials certification is a self-assessment, completed on an online portal by the company undergoing the assessment. There are currently around 90 questions to answer, many of them requiring a simple Yes or No.
The basic self-assessment is a point-in-time assessment, and you don’t have to give any evidence for your answers at the time of submission.
The Cyber Essentials scheme undergoes a review every year or so, and at times questions will be changed or added to ensure that the scheme is kept current.
Once you have completed all the answers, you submit the assessment to the certification body you are paired with, such as ourselves. The certification body will then go through your answers, check that they comply with the Cyber Essentials scheme and mark them accordingly.
If you pass the marking, you will be granted a digital certificate and will be certified to Cyber Essentials Basic.
The certification is valid for 12 months; after this time you will need to recertify.
Cyber Essentials Plus
With Cyber Essentials Plus, you are audited against the answers that you provided in your Cyber Essentials Basic certification. Therefore, before you can achieve Cyber Essentials Plus, you must have a valid Cyber Essentials Basic certification. However, you only have 90 days from the date of the Basic certification to achieve your Plus certification, so it is usually best to decide first whether you are going to go for Plus.
The Cyber Essentials Plus certification involves a certification body performing an audit of your business. The certification body will perform several tests to ensure that the answers you originally supplied are correct and that you are compliant with the scheme.
Because the Plus certification is an audited version, there is more information to provide and more actions to carry out, and the certification body and the company undergoing the certification will need to work together a lot more.
Once all tests are completed, the certification body will certify your company if all controls are met. If, however, there are any failures, you will need to remediate these quickly and then achieve certification.
Like the basic certification, the Plus certification is also only valid for 12 months and must be renewed to keep it current.
When it comes to cost, the Cyber Essentials Basic costs are decided by the provider of the Cyber Essentials scheme and are based on a tiered framework. These are defined as:
| Micro organisations (0-9 employees) | £300 +VAT |
| Small organisations (10-49 employees) | £400 +VAT |
| Medium organisations (50-249 employees) | £450 +VAT |
| Large organisations (250+ employees) | £500 +VAT |
For Cyber Essentials Plus, the costs are generally a lot higher, because it is an audited version and a lot more work is undertaken. For InfoSec Governance, our costs are as follows:
| Micro organisations (0-9 employees) | £1,200 +VAT |
| Small organisations (10-49 employees) | £1,400 +VAT |
| Medium organisations (50-249 employees) | £1,500 +VAT |
| Large organisations (250+ employees) | £2,000 +VAT |
Costs are invoiced at each stage of the process.
Which is right for me?
How do you know which certification is right for you? This can depend on several things; however, a lot of the time it comes down to contractual or supply chain requirements.
If you would like to talk to us to discuss your requirements, we’re more than happy to talk you through the options.
Where to go from here?
If you would like to achieve Cyber Essentials, please get in touch with InfoSec Governance via our website at https://isgovern.com and we will talk you through the process and help you achieve certification as painlessly as possible.