Cyber Essentials

Cyber Essentials is a government backed certification that helps you demonstrate your commitment to cyber security and protecting your users data which is managed by the NCSC. Cyber Essentials has been designed to be a simple, but yet effective certification which will help protect your business against the most common cyber threats.

By achieving Cyber Essentials through InfoSec Governance, we take the stress out of the certification process. By working through the certification and its 5 key controls, the certification allows you to demonstrate to your customers, suppliers and wider business that you take the security of information and your business seriously.

InfoSec Governance are an approved Certification Body for the certification of Cyber Essentials, Cyber Essentials Plus, IASME Governance and IASME Audited, we can help through through each step of the process or simply audit and certify your certification request.

InfoSec Governance cannot 100% guarantee that you will achieve Cyber Essentials or IASME Governance for your business, however we will work with you where appropriate and identify any areas of weakness. Through our additional support packages we can help you identify your gaps and help you put in place the missing pieces.

How does it work?

The Cyber Essentials scheme is based upon a set of five security controls which listed below, when correctly deployed, will provide you with a level of protection from the most common cyber security threats. These controls apply to a defined scope, which could be part or all of your company, depending upon your needs.


By ensuring that your boundary firewalls are configured to only allow authorised inbound and outbound traffic, this will help to effectively protect your business against cyber threats.

Secure Configuration

By ensuring that security controls have been agreed and put in place when installing computers and mobile/network devices, will help ensure that configurations in default settings are reduced.

Access Control

By making sure that user accounts are configured with only the level of access which is needed will help reduce network wide threats. Using the principle of least priviledge access should be applied to all accounts.

Malware Protection

Making sure you have proper malware protection in place on all devices will help you protect your business against cyber threats such as ransomware, spyware and virus which may run throughout the network.

Patch Management

Keeping software up to date with the latest security updates is important and helps reduce the changes of devices being compromised. You should also ensure third-party software is kept up to date.

Cyber Essentials Levels

There are two levels, the basic, which is a self-assessment version which needs to be completed first. The second, is the Plus version which is is an onsite audited version and requires that the basic version has been completed within 3 months assessment.

Cyber Essentials Basic

A basic self-assessment of your business detailing your security stance against five controls.

Cyber Essentials Plus

A higher level, onsite audit of your business checking you against your self-assessment and environment.

Why do I need Cyber Essentials?

By implementing the five defined controls throughout your business you can help to protect your business against 80% of the most common cyber-based threats.

Frequently Asked Questions

Exit mobile version