Cyber Essentials

Cyber Essentials is a government backed certification that helps you demonstrate your commitment to cyber security, protecting your users data, and is managed by the NCSC. Cyber Essentials has been designed to be a simple, but yet effective. The certification which will help protect your business against the most common cyber threats.

By achieving Cyber Essentials through InfoSec Governance, we take the stress out of the certification process. By working through the certification and its 5 key controls, the certification allows you to demonstrate to your customers, suppliers and wider business that you take the security of information and your business seriously.

InfoSec Governance are an approved Certification Body for the certification of Cyber Essentials, Cyber Essentials Plus, IASME Governance and IASME Audited, we can help through each step of the process or simply audit and certify your certification request.

InfoSec Governance cannot 100% guarantee that you will achieve Cyber Essentials or IASME Governance for your business. We will work with you where appropriate and identify any areas of weakness. Through our additional support packages we can help you identify your gaps and help you put in place the missing pieces.

How does it work?

The scheme is based upon a set of five security controls which listed below, when correctly deployed, will provide you with a level of protection from the most common cyber security threats. These controls apply to a defined scope, which could be part or all of your company, depending upon your needs.

By ensuring that your boundary firewalls are configured to only allow authorised inbound and outbound traffic, this will help to effectively protect your business against cyber threats.

By ensuring that security controls have been agreed and put in place when installing computers and mobile/network devices, will help ensure that configurations in default settings are reduced.

By making sure that user accounts are configured with only the level of access which is needed will help reduce network wide threats. Using the principle of least priviledge access should be applied to all accounts.

Making sure you have proper malware protection in place on all devices will help you protect your business against cyber threats such as ransomware, spyware and virus which may run throughout the network.

Keeping software up to date with the latest security updates is important and helps reduce the changes of devices being compromised. You should also ensure third-party software is kept up to date.

Cyber Essentials Levels

There are two levels, the basic, which is a self-assessment version which needs to be completed first. The second, is the Plus version which is is an onsite audited version and requires that the basic version has been completed within 3 months assessment.

How does it work?

A basic self-assessment of your business detailing your security stance against five controls.

Cyber Essentials Plus

A higher level, onsite audit of your business checking you against your self-assessment and environment.

Why do I need Cyber Essentials? Frequently Asked Questions

The cost of Cyber Essentials is £300 + VAT, this is for the basic self-assessment version. You fill in all the questions yourself and is then assessed by one of the InfoSec Governance auditors. We do have several options which are slightly more expensive if you require some help in filling out the self-assessment, this can be found on our Cyber Essentials Basic page. Once InfoSec Governance has all the information from you, we will set up the online portal within a few hours of receiving your information at most.

The time to complete the self-assessment will depend upon several factors, such as do you have all the information to hand, are all the controls in place etc. However if you can allocate an hour, you should be completed in this time. Yes, you can, you can download the question set from here. Please note that the questions or the format may change from time to time. Cyber Essentials Basic, is the first stage of two and is a self-assessment certification that is assessed by one of InfoSec Governance’s auditors. The auditor will mark the self-assessment and issue a certificate (if successful) based upon the information within the assessment.

Cyber Essentials Plus is an onsite audited certification, where an InfoSec Governance auditor will attend your site and verify your answers to the first stage of the certification. Additionally, a vulnerability scan will be performed across your business and several tests performed to test your email and endpoint security controls.


If our Cyber Essentials sounds of interest contact us below to discuss your requirements.
Request a quote

If you would like to go ahead with this service or to discuss your requirements so that we can provide a quote for your business please complete our contact form.

Alternatively, you can speak to our team on the number above if you have a question about our services?

Opening Hours
Monday to Friday 9:00am – 5:00pm
Copy link
Powered by Social Snap