Cyber Essentials

Cyber Essentials Certification Expert-Led, Since 2017

London-based authorised IASME Certification Body
Forensic Control has been delivering Cyber Essentials and Cyber Essentials Plus certification since 2017, working with businesses across the UK and worldwide from our base in Belgravia, London. As an authorised IASME Certification Body, led by former New Scotland Yard digital forensic investigators with nearly two decades of experience, we bring genuine investigative expertise to every certification - not just a questionnaire and a badge.
Quick Buy Guidance Tool Compare solutions
Cyber Essentials certification planning
Trusted by UK organisations for Cyber Essentials certification
Nurole logo Know Why logo Victoria and Albert Museum logo Save the Children logo Faculty logo British Heart Foundation logo Freuds Group logo Oxford Economics logo Arcmont logo
Why choose us

Why businesses choose Forensic Control for Cyber Essentials

01

Investigative expertise, not just a portal

Our assessors are former New Scotland Yard digital forensic investigators. We understand cyber threats from the inside because we have spent years investigating their aftermath. That perspective informs every certification we deliver.

02

Vulnerability scanning included at no extra cost

Every Cyber Essentials Plus package includes 12 months of continuous vulnerability scanning as standard. Under the updated v3.3 scheme, this is what good practice looks like. Most providers charge extra for it. We do not.

03

Unlimited support and retests

We do not charge for re-submissions or additional support calls during certification. Our clients have direct access to their assessor throughout the process. You will not be passed to a helpdesk.

04

Based in London, Certifying Businesses Worldwide

Our team is headquartered at 15 Belgrave Square, central London. We work with UK-based organisations and international businesses operating in the UK market. All assessments are conducted remotely, making certification straightforward regardless of where your team is based.

Our Cyber Essentials accreditations

Authorised IASME Certification Body

IASME
IASME
Certification Body
Cyber Essentials
Authorised
Certification Body
Cyber
Essentials Plus
Authorised
Certification Body
Cyber Essentials Guidance Tool

Not sure which Cyber Essentials option you need?

Our free guidance tool helps you find the right Cyber Essentials solution and check your readiness before you certify. Answer a few questions about your situation and we will point you to the right starting point. It only takes a few minutes.

Step 1 of 3

What best describes your situation?

Step 2 of 3

Why do you need Cyber Essentials certification?

Step 2 of 2

How recent is your current Cyber Essentials certificate?

Step 2 of 2

What level are you renewing?

Step 3 of 3

Does the contract specify which level of certification?

Step 3 of 3

How would you describe your organisation?

Step 3 of 3

What would be most useful right now?

Recommended for you

You need Cyber Essentials

Based on your answers, Cyber Essentials is the best starting point.

Recommended for you

Cyber Essentials

Guided self-assessment certification

£450 + VAT

IASME certification fee included

Guided self-assessment support

Unlimited support and retests during certification

Free security policy templates

£25k free cyber insurance for eligible UK organisations

Buy now

Have a question? Contact an expert

Free readiness check Not sure if you are ready to certify? Answer 10 questions and get an instant report showing exactly where you stand against the Cyber Essentials standard.
Recommended for you

You need Cyber Essentials Duo

Plus requires Cyber Essentials certification as a first step. Duo bundles both into a single managed sequence: one assessor, one timeline, one engagement.

Recommended for you

Cyber Essentials Duo

Both certifications + 12 months scanning

£1,800 + VAT

Includes all Cyber Essentials features

Cyber Essentials Plus technical audit

12 months vulnerability scanning included

One sequence, managed end-to-end

Unlimited support and retests during certification

Buy now

Have a question? Contact an expert

Free readiness check Not sure if you are ready to certify? Answer 10 questions and get an instant report showing exactly where you stand against the Cyber Essentials standard.
Ready to upgrade

You can go straight to Cyber Essentials Plus

Your recent certification is still valid for the self-assessment portion. Skip straight to the Plus technical audit. Because upgrades involve verifying your current certificate and scoping the audit, an assessor will help you get started.

Recommended for you

Cyber Essentials Plus

Independent technical audit

From £1,350 + VAT

Includes Cyber Essentials Plus audit

Remote technical assessment

External vulnerability testing

12 months vulnerability scanning included

Detailed compliance reporting

Contact an expert Schedule a call
Free readiness check First Plus audit under v3.3? If your previous Plus was under v3.2, the current rules on MFA, cloud scope and patching are stricter. Our 10-question readiness check shows whether you would pass under the current standard.
Upgrade path

You need Cyber Essentials Duo

Your self-assessment is more than three months old, so it needs refreshing as part of any Plus audit. Duo bundles the refresh and the audit into a single managed sequence at a single price. Because upgrades involve verifying scope, an assessor will help you get started.

Recommended for you

Cyber Essentials Duo

Both certifications + 12 months scanning

From £1,800 + VAT

Refreshed self-assessment plus Plus audit in one sequence

12 months vulnerability scanning included

One sequence going forward, managed end-to-end

Unlimited support and retests during certification

£25k free cyber insurance for eligible UK organisations

Contact an expert Schedule a call
Free readiness check First Plus audit under v3.3? If your previous Plus was under v3.2, the current rules on MFA, cloud scope and patching are stricter. Our 10-question readiness check shows whether you would pass under the current standard.
Recertification

Time to recertify your Cyber Essentials

Your certificate is expiring or you are switching from another provider. The recertification process is the same as a new application, but most clients complete it faster. To make sure your recertification is scoped correctly and to confirm any changes since last year, an assessor will help you get started.

Recommended for you

Cyber Essentials Recertification

Guided self-assessment recertification

From £450 + VAT

IASME-issued certificate and badge

Guided self-assessment recertification

Unlimited support and retests during certification

Typically completed within 1-3 working days

£25k free cyber insurance for eligible UK organisations

Buy now

Have a question? Contact an expert

Recertification

Time to recertify your Plus or Duo

Your audited certification is due. Recertification includes a refreshed self-assessment and the technical audit, with vulnerability scanning continuing for another 12 months. Because Plus and Duo recertifications involve scope confirmation and audit scheduling, an assessor will help you get started.

Recommended for you

Cyber Essentials Plus / Duo Recertification

Full recertification including refreshed self-assessment and technical audit

From £1,350 + VAT

Refreshed self-assessment plus technical audit

12 months vulnerability scanning continues

Unlimited support and retests during certification

Typically completed within 2-3 weeks

One sequence for Duo customers, managed end-to-end

Buy now

Have a question? Contact an expert

Free readiness check First Plus audit under v3.3? If your previous Plus was under v3.2, the current rules on MFA, cloud scope and patching are stricter. Our 10-question readiness check shows whether you would pass under the current standard.
Let us talk

Speak with one of our assessors

Our IASME-accredited assessors will walk you through what Cyber Essentials involves, which level suits your business, and what the process looks like. No obligation.

Contact an expert Schedule a call
Free readiness check Prefer to explore on your own first? Answer 10 questions and get an instant report showing exactly where you stand against the Cyber Essentials standard before speaking to anyone.
Free Readiness Assessment

Cyber Essentials Readiness Assessment

Answer 10 yes/no questions covering the five Cyber Essentials controls. Your result appears instantly on screen once you submit your details.

This assessment covers the key controls and gives a strong indication of your readiness. It does not guarantee a pass, but it will tell you exactly where you stand and what to address if there are gaps.

1 - Firewalls

Have you changed all default administrative passwords on your routers and firewalls?

Default passwords are published online and widely exploited. If you do not have an external firewall and rely on built-in laptop firewalls, you can answer yes.

Have your firewall rules been reviewed and documented in the last 12 months, with unnecessary rules removed?

Over-permissive or forgotten rules can expose services. If you have never changed the built-in firewall rules on your laptops, you can answer yes.

2 - Secure Configuration

Do you routinely remove or disable unused accounts, software and services on all laptops, desktops, servers and mobile devices?

Unused software and dormant accounts widen your attack surface.

Are all devices protected by an automatic screen lock requiring at least a 6-digit PIN, password or biometric?

An unlocked, unattended device is an open door to your systems and data.

3 - Security Update Management

Are all operating system and firmware security updates applied within 14 days of release?

Attackers routinely exploit freshly disclosed vulnerabilities. The 14-day window is a hard Cyber Essentials requirement.

Do you apply security updates to third-party applications such as browsers, messaging clients and VPN clients within 14 days of release?

Unpatched applications provide the same foothold as unpatched operating systems. The same 14-day rule applies.

4 - User Access Control

Does everyone with an admin account only use it when necessary, and use a separate standard account for email and browsing?

Separating admin and standard duties limits the damage if a user account is compromised.

Is multi-factor authentication enabled for all cloud services including email, SaaS tools and admin consoles?

Compromised accounts are the leading cause of breaches. MFA for all cloud services is mandatory under Cyber Essentials v3.3 and failing to enable it is an automatic fail.

Are all user and admin accounts accessed with unique credentials, with no shared logins?

Shared accounts defeat accountability and auditing. Every user must have a unique identity.

5 - Malware Protection

Do all devices run up-to-date anti-malware software or enforced application allow-listing? Are mobile devices prevented from accessing business data if they are jailbroken or rooted?

Malware remains a primary cause of breaches. Built-in tools like Windows Defender are sufficient if kept up to date.
Questions answered: 0 of 10
Almost there

Where shall we send your report?

Your result appears on screen the moment you submit. On staging, this test assessment is stored in Gravity Forms; public report email delivery remains disabled until go-live.

Please enter your name.
Please enter a valid work email address.
Please enter your organisation name.

Forensic Control will use your details to show your readiness result, store this assessment securely, and send your personalised Cyber Essentials Gap Analysis report when report delivery is enabled. Your data is stored in the UK/EU and never sold to third parties.

Connected test mode: your instant result appears on screen and this assessment is stored in Gravity Forms. Public report email delivery remains disabled until go-live.

Quick Buy

Cyber Essentials packages

Cyber Essentials

Guided self-assessment certification

£450 + VAT

IASME certification fee included

Guided self-assessment support

Unlimited support and retests during certification

Free security policy templates

£25k free cyber insurance for eligible UK organisations

Buy now

Cyber Essentials Plus

Independent technical audit

£1,350 + VAT

Includes Cyber Essentials Plus audit

Remote technical assessment

External vulnerability testing

12 months vulnerability scanning included

Detailed compliance reporting

Buy now
Most popular

Cyber Essentials Duo

Both certifications + 12 months scanning

£1,800 + VAT

Includes all Cyber Essentials features

Cyber Essentials Plus technical audit

12 months vulnerability scanning included

Shared renewal date

Unlimited support and retests during certification

Buy now

Not sure which is right for you? Compare solutions

Compare solutions

Compare Cyber Essentials Solutions

All certifications are issued annually by Forensic Control, an authorised IASME Certification Body.

Compare Cyber Essentials Solutions
Feature Cyber Essentials From £450/year Entry level plan Cyber Essentials Plus From £1,350/year Advanced features Requires CE first Cyber Essentials Duo From £1,800/year Most popular plan Includes everything
Certification & scope
Cyber Essentials certification Baseline cybersecurity certification - IASME-issued certificate and badge Must be purchased separately
Cyber Essentials Plus certification Independent technical audit by IASME-accredited assessor
IASME certification fee included £320 IASME fee included in price - no hidden extras
Guided self-assessment questionnaire Forensic Control assessors review your answers before submission Only with CE purchase
Security features
Protection against common cyber threats Covers the five NCSC controls: firewalls, secure configuration, access control, malware protection and patching
Compliance with government security standards Required for many central government and MoD contracts
Essential security controls implementation Baseline controls assessed and verified
In-depth security assessment Deeper review of security posture beyond self-assessment
External vulnerability testing Remote scan of internet-facing systems
Internal vulnerability assessments Assessment of internal systems and network
12 months vulnerability scanning included Ongoing external scanning at no extra cost throughout the year
Advanced security audits and testing
Detailed compliance reporting Written report of findings and compliance status
Enhanced protection and compliance Verified controls - not just self-declared
Increased protection against cyber threats Verified technical controls reduce attack surface
Support & extras
Unlimited support Access to Forensic Control's IASME-accredited assessors throughout
Unlimited testing / retests No charge for resubmissions if you need to remediate
Free security policy templates Ready-to-use policy documents to support your submission
£25,000 free cyber liability insurance Complimentary cover for eligible UK organisations with turnover under £20m*
What it helps with
Government supply chain contracts
MoD and high-assurance contracts Ministry of Defence supplier requirements
Cyber insurance premium reductions Many insurers require CE as a minimum; Plus can reduce premiums further
Select number of users
 Buy now - £450 + VAT 1 to 9 users Buy now - £1,350 + VAT 1 to 9 users Buy now - £1,800 + VAT 1 to 9 users

*Terms apply.

Process

How Cyber Essentials Certification Works

From choosing your route to certification, we guide you through every step.

Choose your package

Select Cyber Essentials, Cyber Essentials Plus, or our Duo package depending on your requirements. Not sure which? We will advise you for free.

Free guidance tool

5 minutes to know where you stand

Complete the self-assessment

We guide you through the IASME self-assessment questionnaire. Our assessors are available throughout your assessment.

Guided support included

Expert assessors support you every step of the way

We mark and certify

Our IASME-accredited assessors review your submission and issue your certificate, typically within 2 working days. If we identify any non-conformities, we guide you through them at no extra charge.

Typically 2 working days

Fast turnaround and unlimited retests

Stay protected year-round

Cyber Essentials Plus clients receive 12 months of continuous vulnerability scanning as standard. We will also send you a reminder before your annual recertification is due.

CE Plus and Duo

12 months scanning, renewal reminders and peace of mind

Sectors

Cyber Essentials for Your Sector

Every UK organisation can benefit from Cyber Essentials, but what drives the decision to certify is different in every sector. We work with businesses across:
01

Fintech & Finance

Meet client and regulator expectations on cyber security with certification that's recognised across the FCA-regulated sector.
02

Construction & Engineering

Required by an increasing share of public-sector and tier-1 contractor frameworks. We make certification straightforward.
03

Legal & Professional Services

Demonstrate SRA-aligned security to clients, panels and cyber insurers, without disrupting how the practice operates.
04

Non-profits & Charities

Protect donor and beneficiary data with proportionate, affordable certification designed around how charities actually operate.
05

Public Sector Supply Chain

Mandatory for central government suppliers handling sensitive information. We've supported public-sector certification since 2017.
06

MoD & Defence Supply Chain

Cyber Essentials Plus is a condition of contract for many MoD frameworks. We have direct experience preparing defence suppliers for assessment.

Need Cyber Essentials for a sector not listed? Contact us - we certify organisations of all types across the UK and worldwide.
Client proof

Trusted by organisations pursuing Cyber Essentials

5-star Google reviews from Cyber Essentials and Cyber Essentials Plus clients.

Highly recommend Forensic Control for anyone looking for a knowledgeable and supportive Cyber Essentials Plus audit partner.

Stryde

Cyber Essentials Plus client

From the very start of our CE+ journey, Jonathan was providing tremendous service to us in order to ensure we had all the necessary information and advice specific to our company.

Christopher Price

Faculty AI

Expert and friendly support towards our achieving Cyber Essentials Plus certification. Clearly laid out the expectations for meeting the standards and navigated us through.

Lee Bartmanis

Nurole

Forensic Control were an excellent partner on our Cyber Essentials and Cyber Essentials Plus journey. They held our hand and counselled us through some seemingly insurmountable obstacles for a small firm.

Alison Hook

Hook Tangaza

This was our first time completing the certification. Jonathan outlined a clear, structured approach that gave me confidence straight away. Ross Southwell provided expert guidance throughout.

Charlotte Brown

Searchworthy

Forensic Control were exceptionally helpful and efficient all the way through the process, helping us to achieve Cyber Essentials Plus with minimum fuss.

Patrick Scott

Wellgate

We renewed our Cyber Essentials and Cyber Essentials Plus certifications with Forensic Control. They were professional, helpful and friendly throughout.

James Swash

Toca.io

5.0

Cyber Essentials and Cyber Essentials Plus reviews

Read all reviews on Google
Everything you need to know

Cyber Essentials: Frequently Asked Questions

What is Cyber Essentials certification?
What is the difference between Cyber Essentials and Cyber Essentials Plus?
How much does Cyber Essentials certification cost in the UK?
How long does Cyber Essentials certification take?
Is Cyber Essentials mandatory in the UK?
What is changing with Cyber Essentials in April 2026?
Do I need Cyber Essentials if I am not a government supplier?
Why choose Forensic Control for Cyber Essentials certification?

Speak directly with our Cyber Essentials experts

Contact an Expert
Call us
+44 (0)20 7664 4522
Message us
hello@forensiccontrol.com
Address
15 Belgrave Square
London
SW1X 8PS
Resources

Cyber Essentials resources

Made by

©2025 Forensic Control - All Rights Reserved.
Cookie Policy
Eligibility Requirements
Privacy Policy
Terms and Conditions
Forensic Control
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.