Forensic Control

Cyber Essentials Plus Certification

What is Cyber Essentials Plus?

Cyber Essentials is a cyber security certification scheme developed by the UK government to help organisations guard against automated cyber threats. This certificate helps validate that your business has taken serious steps to protect itself against common cyber threats. 

To become Cyber Essentials certified, you’ll go through a rigorous security assessment. This assessment will help to identify any flaws in your current systems and processes so that you can ensure that your company infrastructure is safe, secure and up to date. 

Once you have obtained your certification, you can assure customers, partners and other stakeholders that you have all the necessary measures in place to protect against cyber threats.

Firewall configuration

Secure configuration

User access control

Patch management

Malware protection

What is Cyber Essentials Plus?

Cyber Essentials Plus is an extension of the Cyber Essentials scheme, providing a higher level of assurance by requiring organisations to undergo a series of vulnerability assessments by an external assessor.

To apply for Cyber Essentials Plus, an organisation must first achieve Cyber Essentials certification. Cyber Essentials Plus must then be obtained within three months of certifying to Cyber Essentials.

By 2025, 60% of organisations will use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements. (Gartner)

Why be Cyber Essentials Plus Certified?

There are several benefits to achieving Cyber Essentials Plus certification, including:

Cyber Essentials Plus certification can help instil confidence in customers, suppliers, and other stakeholders that Cyber Security is not only taken seriously – but steps have been taken to improve it.

Cyber Essentials Plus certification is a differentiator in a crowded marketplace, particularly when
bidding for contracts that require more Cyber
Security assurance.

By implementing the Cyber Essentials controls and undergoing external testing, an organisation can reduce the risk of a cyber attack and minimise potential damage.

Cyber Essentials Plus certification can help demonstrate compliance with regulatory requirements, particularly in industries that handle sensitive or confidential data.

About The Cyber Essentials Plus Audit

A Cyber Essentials audit is carried out to make sure that the devices used in your business are securely set up according to the scheme’s requirements. Firstly, a sample of computers used in your organisation is randomly selected to undergo testing.

Vulnerability scans are then performed on the selected machines to ensure that software updates and basic configuration meet the standards of the scheme.

After your vulnerability scan, an external scan will be conducted on your business’ internet-facing IP address to check that there are no obvious misconfigurations or vulnerabilities.

Finally, after those processes are complete, your email clients  (for example, Outlook or Gmail)  and internet browsers will be thoroughly examined to verify that appropriate anti-malware controls are in place. This helps to prevent the execution of fake malicious files and similar threats.

Cyber Essentials Plus is the highest level of certification within the Cyber Essentials scheme and involves the most rigorous evaluation of your systems.

Already Cyber Essentials certified? If not,
you’ll need to go here first…

Your result matters

Becoming Cyber Essentials Plus Certified

It’s difficult to know where to start with Cyber Security. Becoming certified can seem like a daunting
process, which is why we provide unlimited support, from start to finish. Our team won’t let you fail!

How we work


We send you our Cyber Essentials Plus tracker and step-by-step guide


We run a vulnerability test to spot areas that need remediation then rescan to check 


We hold an assessment day to carry out observational tests on a selected user group


We ensure you’re compliant following testing and assessment


Once our report is written, your certificate is then issued!

Cyber Essentials Plus Packages

Ready to get started? Speak to one of our team who will provide you with everything you need to know.

Included in our service:


1-9 users



per year


10 – 49 users



per year


50 – 249 users



per year


250 + users



per year

Ask us about spreading the cost with monthly payments at no extra cost 

Looking to certify to Cyber Essentials and Cyber Essentials Plus? Save time and money with our combined package

Happy Clients

Supporting our clients with down to earth advice, explained simply, is our mission. Don’t just take our word for it though. Here are a handful of our testimonials from clients we work with.

"Expert and friendly support towards our achieving Cyber Essentials Plus certification. Clearly laid out the expectations for meeting the standards and navigated us through. Kept us on track even when business demands were pulling our attention elsewhere. Delighted to have the certification but our business gained a great deal from the journey too."

Lee Bartmanis, Head of Operations, Nurole

"I highly recommend Forensic Control to any organization seeking top-tier cyber security services. Their well-coordinated process, insightful guidance, and refreshing approach to cyber security set them apart. They are true experts in their field, and we are grateful for their invaluable contributions to our company's cyber security journey.
Five stars and a heartfelt thank you to Forensic Control and the entire team!"

Elon Schutze, Services Director, Know Why BV

"I highly recommend Forensic Control for any company embarking on their Cyber Essentials journey. From the moment we engaged with them, Jonathan and his team provided exceptional service, ensuring that we had all the necessary information and tailored advice specific to our company's needs. Their professionalism, knowledge, and commitment to their clients are truly exceptional. If you're looking for a reliable and highly competent partner to guide you through your Cyber Essentials journey, Forensic Control is the perfect choice."

Adam Maxwell, Security Specialist, Jisc

"I've had the pleasure of working with Jonathan on two occasions and on both times he has shown the utmost professional customer care. He was able to help us get our CE renewal over the line during out of hours just so there is no lapse between our CE. He's been very helpful in answering all my questions as I was leading the CE renewal for my company for the first time and it could not have been any easier."  

An Le, IT Security Analyst, Save the Children

“Highly recommended Forensic Control. From the very start of our CE+ journey, Jonathan was providing tremendous service to us in order to ensure we had all the necessary information and advice specific to our company. They was consistently providing clear and helpful guidance in order for us to best succeed with our certification and as such had a great outcome! Big thanks to Jonathan and Forensic Control.”

Christopher Price, Technical Operations Lead, Faculty

“We had our Cyber Essentials Plus certification done by Jonathan and his team. Quick responses and professional advice that went further than the scope. Brilliant service and aftercare. Going forward, we will be using Forensic Control services.”

Maris Hakman, The Royal Foundation

"Forensic Control is a firm of professional cyber security advisers who guided our organisation achieve a ISO equivalent i.e. IASME Gold Standard accreditation over an 18 month period. Their service added a lot of value to our IT Governance and overall organisational security awareness and competencies."

Selam Shibru, Bank Worker’s Charity

"Forensic Control have been professional, efficient and very responsive in any queries we had in regards to the company gaining it’s Cyber Essentials qualification. We are continuing to use their services to progress to Cyber Essentials Plus. Highly recommend”

Francesca MacLeod, Cordless Consultant

“We are a small company that relies on the security of our data. Forensic Control has been perfect at keeping us protected and up to date with all the latest trends. Very efficient when we have needed help.”

Andy Bibby, CEO 87%

Frequently asked Questions

 We’re here to help with any questions you have about plans, pricing and supported features.


What is the difference between Cyber Essentials and Cyber Essentials Plus?

While Cyber Essentials focuses on self-assessment and self-declaration of adherence to cyber security controls, Cyber Essentials Plus involves a more rigorous external assessment. In addition to the self-assessment questionnaire, Cyber Essentials Plus requires an independent cyber security professional to conduct remote testing and verification of your organisation’s implemented controls.

This external assessment provides a higher level of assurance to stakeholders and customers, demonstrating that your cyber security measures are not only implemented but also effectively tested and validated.


Why should I consider obtaining Cyber Essentials Plus certification?

Cyber Essentials Plus certification offers several key advantages for your organisation. Firstly, it provides an even stronger level of assurance and validation of your cyber security controls compared to the standard Cyber Essentials certification. This can enhance customer trust and confidence, especially when dealing with sensitive data or engaging in partnerships where cyber security is a critical concern.

Cyber Essentials Plus certification also demonstrates your commitment to proactive cyber security practices, enabling you to differentiate yourself from competitors and potentially gain a competitive advantage in the marketplace.

How does the Cyber Essentials Plus certification process work?

The assessment for Cyber Essentials Plus involves an independent cyber security professional conducting thorough remote testing and verification of the controls you implemented at Cyber Essentials. This will include vulnerability scanning of a sample of your devices as well as testing their controls against malware. The tests also check that two factor authentication is in place for access to cloud services, and that users are not logged in as administrator.

The assessor evaluates your organisation’s adherence to the Cyber Essentials Plus controls and provides a report outlining any identified vulnerabilities or areas for improvement. This rigorous assessment process offers valuable insights into your cyber security posture and helps you address potential weaknesses.

How long does Cyber Essentials Plus certification last?

Cyber Essentials Plus certification is valid for one year from the date of certification. After this period, you will need to undergo a reassessment to maintain your certification. Regular reassessments are crucial as they allow your organisation to demonstrate ongoing compliance with the Cyber Essentials Plus controls and ensure that your cyber security measures stay up to date in the face of evolving threats.

The reassessment process provides an opportunity to review and enhance your cyber security practices, ensuring that your organisation maintains a strong and resilient security posture.