Forensic Control

A Quick Guide to Cyber Essentials and Cyber Essentials Plus Certification



As a business owner you have busy schedule managing all aspects of your organisation, add to that the need to stay secure, there are a lot of plates to spin. Luckily, there is a simple way to ensure your organisation can protect against cyber attacks, which requires a little investment in return for peace of mind, called Cyber Essentials.  Cyber Essentials is a government-backed, industry-supported scheme that helps organisations protect themselves against common online threats. It is designed to help you improve your cyber security practices and demonstrate your commitment to cyber security to your customers and suppliers.

Achieving certification can bring many benefits to your organisation, such as reducing your cyber security risk, attracting new business, complying with regulations and contractual requirements, and protecting your data and reputation.

In this guide, you will learn about the benefits of Cyber Essentials for business owners and their employees, as well as for their clients. You will also learn about the steps and costs involved in obtaining Cyber Essentials certification, and how to choose a certification body that suits your needs and budget.

Benefits of Cyber Essentials for business owners and their employees

Cyber Essentials can help you and your staff improve your cyber security practices by providing you with a clear framework of five basic technical controls that can prevent 80% of cyber attacks. These controls are:

  • Boundary firewalls and internet gateways: These are devices that monitor and control the network traffic between your organisation and the internet. They can help you block unauthorised access and malicious content from entering your network.
  • Secure configuration: This means ensuring that your systems and devices are configured securely, and that only the necessary software, services, and user accounts are enabled. This can help you reduce the potential attack surface and minimise the vulnerabilities that attackers can exploit.
  • Access control: This means ensuring that only authorised users have access to your systems and data, and that they have the appropriate level of access. This can help you prevent unauthorised access and misuse of your systems and data by insiders or outsiders.
  • Malware protection: This means ensuring that your systems and devices are protected from malicious software, such as viruses, ransomware, spyware, and worms. This can help you detect and remove malware before it can cause damage or compromise your data.
  • Patch management: This means ensuring that your systems and devices are updated regularly with the latest security patches. This can help you fix the known vulnerabilities that attackers can exploit to gain access or cause harm.

By implementing these controls, you can protect your organisation from disruption, espionage, and financial loss caused by cyber attacks. You can also benefit from cyber liability insurance cover, dedicated expert cyber security advice, and increased awareness of the threats and how to manage them.

Benefits of Cyber Essentials for clients

Cyber Essentials can help you build trust and confidence with your clients by showing them that you take cyber security seriously and that you are working to secure your IT against cyber attack. This can help you differentiate yourself from your competitors and attract new clients with the promise of cyber security.

Achieving certification can also help you meet the expectations and requirements of your clients, especially if they are in the public sector or handle sensitive and personal information . For example, some government contracts require Cyber Essentials certification as a minimum standard of cyber security. By having Cyber Essentials certification, you can demonstrate your compliance and increase your chances of winning such contracts.

How to achieve Cyber Essentials certification

There are two levels of certification: Cyber Essentials and Cyber Essentials Plus. Cyber Essentials is a self-assessment option that requires you to complete an online questionnaire and submit it for review by a certification body. Cyber Essentials Plus is a technical audit option that requires you to undergo a hands-on verification of your cyber security by a certification body.

The cost of Cyber Essentials certification depends on the size of your organisation and the certification body you choose. The certification fee typically ranges from £300 to £500 + VAT. The cost of Cyber Essentials Plus certification also depends on the size and complexity of your organisation and the certification body you choose. Certification fees typically ranges from £1,900 to £5,000 + VAT. Many organisations choose to carry out Cyber Essentials as a self assessment, allowing you to achieve certification independently. However, for organisations with limited time and knowledge, some may choose to work with a trusted third party called a certification body (like us!). A certification body is an independent company who can support and guide you through Cyber Essentials and will carry out the audits needed for Cyber Essentials Plus. 

To achieve Cyber Essentials certification, you need to follow these steps :

  • Discuss and purchase your level of certification with a qualified certification body, like us!
  • Access the online questionnaire and complete it with the help of the guidance and support provided. The questionnaire will ask you about your organisation and the technical controls you have in place. You may need to provide some evidence to support your answers, such as screenshots or configuration files.
  • Submit your questionnaire for review and receive feedback or confirmation of your compliance. The certification body will check your answers and evidence and let you know if you have met the Cyber Essentials requirements or if you need to make any improvements.
  • If you choose Cyber Essentials Plus, arrange for a technical audit of your systems by the certification body. The certification body will visit your premises and conduct a series of tests on your systems and devices to verify that they are secure and compliant with the Cyber Essentials standards.
  • Receive your certificate and display it on your website and marketing materials. The certificate is valid for one year and can be renewed annually by repeating the assessment process.


Cyber Essentials is a scheme that helps you protect your organisation from common cyber threats. It will also help you demonstrate your commitment to cyber security. Certification can help you and your staff improve your cyber security practices and build trust and confidence with your clients.  Working through the process will help you comply with regulations and contractual requirements.  Cyber Essentials certification is a valuable tool for businesses seeking to protect themselves and their clients from cyber threats. To find out more about getting your organisation certified please speak to our team who will be happy to help. 

Related content

As computer forensics experts we are bound to abide by the ACPO Principles of Digital Based Evidence, ACPO being the Association of Chief Police Officers. ACPO provides a set of Guidelines for Computer Based Evidence, and they come with a suite of four essential principles. Here they are.
Computer forensics, sometimes known as digital forensics, is undertaken by trained examiners who pull data (search histories, purchase records, time logs and more) from devices including, but not limited to: computers, tablets, and smartphones.


Sign up here if you wish to receive updates and news from Forensic Control by email. We will not send you anything else and you may end the subscription at any time.

By providing your email address, you agree to receive marketing
messages as per our Privacy Policy