What are the Cyber Essentials certification requirements?

Congratulations on deciding to look into the Cyber Essentials and Cyber Essentials Plus qualifications. These are among the most widely recognised schemes in the UK for confirming an organisation's cyber security credentials. The average cost to micro and small businesses that lost data or assets after cyber security breaches in the UK leapt to £8,170 in 2021, pushing more businesses to start taking their IT security more seriously. The certification requirements are extensive and can trip up IT novices. Forensic Control offers a comprehensive service to ensure that your business passes the first time with minimal disruption to your employees.

Cyber Essentials involves you answering around 80 questions covering your technical controls against cyber security risks. The questions cover your firewalls (both those on the edge of your network and those built into your devices), the secure configuration of your devices, user access control, how you protect against malware, and the updating (patching) of your systems. The assessment and certification should cover the entire IT infrastructure of your business, which will be clearly defined before work begins.

The requirements apply to all the devices and software that are within the boundary of the scope and that meet any of these conditions:

  • can accept incoming network connections from untrusted internet-connected hosts; or
  • can establish user-initiated outbound connections to devices via the internet; or
  • control the flow of data between any of the above devices and the internet.

Detailed requirements of the scheme can be found in Cyber Essentials: Requirements for IT infrastructure v3.0.

Within the questionnaire itself, we supply detailed guidance, including example ‘model’ answers, and unlimited help with your responses. If you discover that any part of your IT infrastructure isn’t up to standard at this point, we can help you make the necessary changes before testing takes place. Once you’ve completed all the questions and we’re satisfied that you’re compliant, a director (or board-level equivalent) within your organisation will need to sign off your answers as accurate. We’ll then mark your answers and issue your Cyber Essentials certificate.

You can then progress to Cyber Essentials Plus, which audits your responses to the Cyber Essentials questionnaire by assessing a representative sample of your computers and phones. It checks that your anti-malware protection works effectively and includes a vulnerability scan of your router/firewall. It also verifies that operating systems and apps have been updated to protect against the latest threats; this is done remotely via the temporary installation of vulnerability scanning software and desktop/mobile screen sharing. We run test scans to ensure that each selected device is compliant before the assessment date.

Speak to our experts

We walk you through every step of the certification process, and as long as you make any required changes, we won’t let you fail.
