
What is Cyber Essentials?

Cyber Essentials is an annually renewable UK Government-aligned certification that confirms you meet a minimum baseline of cyber security. It focuses on five technical controls proven to reduce exposure to common internet-based attacks. IASME is the NCSC’s official Cyber Essentials delivery partner.

Why Cyber Essentials matters

Stronger Cyber Protection

Protects against common cyber threats by enforcing a practical baseline.

Increased Customer Trust

Builds customer confidence and supports supply-chain requirements.

Added Financial Safeguards

Includes cyber liability insurance for eligible UK organisations (as part of certification).

Greater Contract Opportunities

Helps with eligibility for contracts that require Cyber Essentials.

What’s involved (typical delivery)

  1. Preparation – review the question set and requirements.
  2. Assessment submission – verified self-assessment via the IASME platform.
  3. Assessor review – external review, with clarifications or resubmission if needed.
  4. Certification issued – valid for 12 months.

Pricing (fixed – per IASME)

Organisation Size            Price
Micro (0-9 employees)        £320 + VAT
Small (10-49 employees)      £440 + VAT
Medium (50-249 employees)    £500 + VAT
Large (250+ employees)       £600 + VAT

What is Cyber Essentials Plus?

Cyber Essentials Plus is the independently verified level of the UK Government-backed Cyber Essentials scheme.

While Cyber Essentials is a self-assessed certification, Cyber Essentials Plus includes a rigorous technical audit carried out by a qualified assessor to verify that your security controls are properly implemented and effective.

It provides a significantly higher level of assurance to customers, partners and supply chain stakeholders.

What does Cyber Essentials Plus cover?

The certification verifies protection across five key security control areas:

  1. Firewalls & Internet Gateways
  2. Secure Configuration
  3. User Access Control
  4. Malware Protection
  5. Security Update Management

Unlike the basic certification, Cyber Essentials Plus includes:

  • Internal vulnerability scanning
  • External vulnerability testing
  • On-site or remote device assessment
  • User account and privilege validation
  • Malware protection testing

This ensures your organisation is not only compliant on paper but also secure in practice.

Benefits of Cyber Essentials Plus

  • Independent, verified certification
  • Stronger protection against common cyber attacks
  • Increased trust from clients and stakeholders
  • Often required for Government and Defence contracts
  • Competitive advantage in tenders
  • Demonstrates supply chain security commitment

Is Cyber Essentials Plus Right for Your Organisation?

You may require Cyber Essentials Plus if:

  • You work with Government departments or public sector bodies
  • Your contract specifies Cyber Essentials Plus certification
  • You handle sensitive or confidential client information
  • You are part of a supply chain requiring verified cyber assurance
  • You want independently tested confirmation of your security controls
  • You are looking to strengthen your position in competitive tenders

Cyber Essentials Plus is often a requirement within Government supply chains and provides a higher level of assurance than standard Cyber Essentials, as controls are independently verified.