Affordable and achievable cyber security certification: Cyber Essentials and Cyber Essentials Plus
Cyber Essentials is a UK Government scheme developed by the National Cyber Security Centre (NCSC) to help organisations guard against common cyber threats and demonstrates their commitment to cyber security. It has been designed to be affordable, simple to implement, and to accommodate organisations of any size.
The certification process is managed by IASME who license certification bodies, such as Forensic Control, to carry out Cyber Essentials and Cyber Essentials Plus certifications.
Why certify with Forensic Control?
- We provide a complete service, hand-holding help at every step of the Cyber Essentials certification process
- Competitive pricing. For what we provide, our price isn’t beaten
- Expertise and experience. We’ve been around since 2008, and have certified dozens of organisations from the smallest to some of the best known organisations in the UK.
- Our feedback. Don’t just take out word for it, see what our clients have to say about us
CYBER ESSENTIALS
£1,000
Includes £300 certification fee
A hand-holding service, including unlimited phone & email support
Guided questionnaire with examples of “model” answers
£25,000 of free cyber insurance cover, if required and if qualifying
Cyber security advice for 12 months; up to 30 minutes of phone/email support per month
*Price does not include VAT.
CYBER ESSENTIALS PLUS
£1,750
A hand-holding service, including unlimited phone & email support
Qualified external assessor auditing your security controls
Tests of a set of user devices, firewalls & servers
On-demand vulnerability testing on external IP addresses for 12 months
Cyber security advice for 12 months; up to 30 minutes phone/email support per month
*Price does not include VAT. Price may differ for organisations with a mix of operating system versions/builds.
BEST VALUE
CYBER ESSENTIALS & CYBER ESSENTIALS PLUS
£2,500
Includes £300 certification fee
Includes everything from both our Cyber Essentials and Cyber Essentials Plus plans at a £250 discount over purchasing them separately
*Price does not include VAT. Price may differ for organisations with a mix of operating system versions/builds.
WHAT OUR CLIENTS SAY
“Highly recommended Forensic Control. From the very start of our CE+ journey, Jonathan was providing tremendous service to us in order to ensure we had all the necessary information and advice specific to our company. They were consistently providing clear and helpful guidance in order for us to best succeed with our certification and as such had a great outcome! Big thanks to Jonathan and Forensic Control..”
Christopher Price, Tech. Operations Officer, Faculty AI
“We are a small company that relies on the security of our data. Forensic Control has been perfect at keeping us protected and up to date with all the latest trends. Very efficient when we have needed help. Thank you.”
Andy Bibby, CEO, 87%
“Forensic Control came in to support us at very short notice. From the get-go, the service was professional, slick, to-the-point and constructive. The net effect was that we successfully achieved our CE+ certification but did so as a meaningful basis for growth and cultural change – this is due, in no small part, to the technical leadership, guidance and objectivity that Forensic Control brought to this project. I would actively look to work with and engage Forensic Control on future projects.”
Christopher Crowther, CIO, Spectra Analytics
Cyber Essentials Requirements – the 5 Key Areas
Cyber Essentials assesses how organisations protect themselves from cyber attacks by checking five key areas. It identifies whether the necessary controls are in place and how they are managed. Forensic Control offers simple, step-by-step guidance to help companies comply with each of these areas.
Please note, these controls apply to all internet-connected devices that access your data, including those not owned by your organisation (BYOD). If all devices that access your data meet these requirements it is likely that you would be in a good position to certify for the Cyber Essentials certification.
Securing your perimeter
You will need to ensure that your office firewalls, and Wi-Fi routers for home workers, are secure. Other requirements include changing default passwords on network equipment (here’s some good advice you can show to your users) and ensuring that these devices are supported and their firmware updated.
Securing your devices
Requirements to securely configure devices include removing software and user accounts which are no longer in use, and ensuring passwords are strong. Contrary to common advice, it is no longer considered secure to require users to regularly change passwords.
Updating your devices
It is important that all apps and operating systems are supported by their manufacturers and are kept updated. This ensures that they are protected against known vulnerabilities. Use of an MDM (mobile device management) tool can help put you in control of patching on your network.
Controlling access to your data
Everyone needs a unique user account to access your organisation’s data. You must also ensure that users only have access to the data they need according to their role. Data access permissions must be managed when a user changes roles, while the use and provisioning of administrative accounts must be controlled.
Protection against malware
Protection against malware is required on all devices where it is available, including for Macs. The anti-malware software needs to check for updates at least once every 24 hours, and it must protect against malicious websites. Mobile devices must not be compromised by jail-breaking or rooting.
If you’re interested in the Cyber Essentials accreditation or need more information, take a read of our Cyber Essentials FAQs or alternatively you can contact us directly.