Cyber Essentials & Cyber Essentials Plus Certification

cyber essentials

What is the Cyber Essentials scheme?

Cyber Essentials (CE) and Cyber Essentials Plus (CE+) are UK government-backed, industry-supported cybersecurity certification schemes, designed to help organisations of any size protect themselves from cyber threats. The schemes provide a practical, cost-effective way to protect against the most common cyber threats, helping organisations to demonstrate their commitment to cyber security and gain a competitive advantage.​This can include unpatched software and hardware, lack of strong passwords and poor cyber security practices.

cyber essentials

What is Cyber Essentials?

Cyber Essentials is a basic certification that helps organisations identify and mitigate the most common cyber threats. To achieve Cyber Essentials certification, organisations must complete a self-assessment questionnaire that covers five key areas of cyber security.

cyber essentials

What is Cyber Essentials Plus?

Cyber Essentials Plus differs from the basic certification by providing a hands-on technical verification that includes additional testing to verify that an organisation’s systems and processes are compliant with the Cyber Essentials requirements. In addition to the self-assessment questionnaire, organisations must also undergo an external vulnerability scan of their internet-facing systems, and a technical assessment of their internal systems. This is done to validate the self-assessment questionnaire completed.​

What are the 5 Cyber Essentials security controls?



All devices must be connected to the internet via a firewall.


Secure configuration

Ensuring applications settings are monitored and updated.


User access control

Users should only have access to the applications and software they need to do their roles.


Patch management

Ensuring that not only devices but operating systems are up to date.


Malware protection

Every device used by your organisation needs to have protection against viruses and malware.

Reasons your organisation needs Cyber Essentials

As well as providing the framework to keep your organisation secure, gaining Cyber Essentials offers a host of other assurances:

  • Increase your confidence in the security of your IT systems​
  • Demonstrate your commitment to cyber security to customers and suppliers​
  • Gain a competitive advantage over organisations that are not certified​
  • Receive recognition from influential industry bodies and government departments​
  • Reassure your customers that you are taking cyber security seriously​
  • Give your staff confidence in the protection of your systems​
  • Reduce the risk of cyber-attacks, data breaches, and other malicious activities​
  • Reduce costs associated with remedying cyber-attacks and data breaches​
  • Receive a certificate of recognition that demonstrates your commitment to cyber security.​

Simply put, not having a Cyber Essentials certification is the equivalent of leaving your front door unlocked.

Want to know more about Cyber Essentials?

Read our blog to learn why you need it and what it takes to get your organisation certified.

Read the blog here

Why TSG?

We are one of a few IT providers in the UK that has IASME certified consultants: this means that we’re well equipped to get a company through the certification process first time. .

We help you complete the self-assessment questionnaire  so there’s no guess work on your part. We’ll assess your current cybersecurity estate and policies and produce a report outlining where you currently are. We will then set out any remediation work required to gain certification.

Learn more about TSG

Request a Consultation with a Cyber Essentials Expert

  • This field is for validation purposes and should be left unchanged.