Forensic Control

Cyber Essentials Certification

What is Cyber Essentials Certification?

Cyber Essentials is a government-backed, industry-supported scheme that helps organisations of all sizes and sectors protect themselves against common online threats. By following a set of basic technical controls, you can reduce the risk of cyber attacks and demonstrate your commitment to cyber security to your customers, suppliers, and regulators.

At Forensic Control, we are experts in certifying organisations to Cyber Essentials. We can guide you through the process of applying for your Cyber Essentials certificate, which will show that you have met the essential standards of cyber hygiene and resilience. We can also help you prepare for the more advanced Cyber Essentials Plus certification, which involves a more rigorous assessment of your security controls by an external auditor

Get Cyber Essentials-certified and protect your organisation against cyber threats.

Cyber Essentials certification addresses five fundamental controls to help prevent cyber attacks:

Firewall configuration

Secure configuration

User access control

Patch management

Malware protection

Firewall Configuration

Firewalls act as barriers between your device/internal network and the outside world, monitoring and controlling incoming and outgoing data. Correctly configuring your firewall is a crucial step in enhancing network security and protecting your organisation against online threats.

Secure Configuration

Secure configuration involves implementing secure settings for devices, systems, and software to minimise vulnerabilities and reduce the risk of unauthorised access or exploitation. This includes such things not using default passwords, only using services & apps that are required by the business, and regular checks to ensure the removal or disabling of unnecessary user accounts.  

User Access Control

User access control refers to the measures taken to ensure that only authorised individuals have access to data and resources and that their level of access is appropriate to their job role – e.g., people have the minimal access to data required to carry out their role, and nothing more

Management of app and operating system updates

Also known as patch management, this control ensures that all of your devices are updated to protect them against known vulnerabilities. This is a crucial part of the Cyber Essentials scheme. 

Malware Protection

All devices must be appropriately protected against malicious software.This would typically mean having up to date anti-malware solutions on computers and controls around the type of apps installed on mobile devices.

Cyber Essentials and IASME

Cyber Essentials certification is a UK government-backed scheme developed by the
The National Cyber Security Centre (NCSC). It helps organisations protect themselves against cyber threats and demonstrates their commitment to Cyber Security. In 2020, IASME became the NCSC’s Cyber Essentials partner responsible for raising awareness of Cyber Essentials for organisations in the UK.

As an IASME trusted and licensed partner, our team guides organisations of all sizes through the process of achieving the Cyber Essentials certification – from start to finish.

By 2025, 60% of organisations will use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements. (Gartner)

Why get Cyber Essentials Certified?

Reduce Cyber Security Risks

It’s a simple and effective way to protect your sensitive data from the most prevalent cyber threats, in a way that doesn’t get in the way of business.

Get a Clear Picture of Your Security Posture

Until you know exactly what devices are accessing your data and how they are configured, you can’t be sure that you’re in control of your data. Getting Cyber Essentials certified gives you clear insight of where you stand.

Demonstrate That You Take Security Seriously

Cyber Essentials certification shows your staff, clients, and stakeholders that you’re serious about protecting their data. Further, certification is a requirement when bidding for many contracts, especially for public bodies, such as the NHS and the Government.

Increase Confidence

Show your clients and partners you are serious about Cyber Security and that your organisation can be trusted to handle their data.

Already Cyber Essentials Certified?

For a more rigorous assessment of the security of your network, your organisation can progress to Cyber Essentials Plus. This level of certification involves a series of checks on your devices, including vulnerability scans and secure configuration tests by cyber security experts to give your stakeholders reassurance that your security has been independently verified. 

Our expert team provides unlimited support throughout the certification process, ensuring your success.

Your Cyber Essentials Result Matters

It’s difficult to know where to start with Cyber Security. Becoming certified can seem like a daunting process, which is why we provide unlimited support, from start to finish. Our team won’t let you fail!

How we work

Step 1

We send you our Cyber Essentials questionnaire

Step 2

You fill in the details with help from our team

Step 3

We review your responses
to ensure you’re compliant

Step 4

We produce our report and issue your certificate!

Get Your Cyber Essentials Certification

Ready to get started? Speak to one of our team if you need more information.

What's Included with Cyber Essentials


1-9 users



per year


10 – 49 users



per year


50 – 249 users



per year


250 + users



per year

Ask us about spreading the cost with monthly payments at no extra cost

Looking to certify to Cyber Essentials and Cyber Essentials Plus? Save time and money with our combined package

Happy Clients

Supporting our clients with down to earth advice, explained simply, is our mission. Don’t just take our word for it though. Here are a handful of our testimonials from clients we work with.

"Expert and friendly support towards our achieving Cyber Essentials Plus certification. Clearly laid out the expectations for meeting the standards and navigated us through. Kept us on track even when business demands were pulling our attention elsewhere. Delighted to have the certification but our business gained a great deal from the journey too."

Lee Bartmanis, Head of Operations, Nurole

"I highly recommend Forensic Control to any organization seeking top-tier cyber security services. Their well-coordinated process, insightful guidance, and refreshing approach to cyber security set them apart. They are true experts in their field, and we are grateful for their invaluable contributions to our company's cyber security journey.
Five stars and a heartfelt thank you to Forensic Control and the entire team!"

Elon Schutze, Services Director, Know Why BV

"I highly recommend Forensic Control for any company embarking on their Cyber Essentials journey. From the moment we engaged with them, Jonathan and his team provided exceptional service, ensuring that we had all the necessary information and tailored advice specific to our company's needs. Their professionalism, knowledge, and commitment to their clients are truly exceptional. If you're looking for a reliable and highly competent partner to guide you through your Cyber Essentials journey, Forensic Control is the perfect choice."

Adam Maxwell, Security Specialist, Jisc

"I've had the pleasure of working with Jonathan on two occasions and on both times he has shown the utmost professional customer care. He was able to help us get our CE renewal over the line during out of hours just so there is no lapse between our CE. He's been very helpful in answering all my questions as I was leading the CE renewal for my company for the first time and it could not have been any easier."  

An Le, IT Security Analyst, Save the Children

“Highly recommended Forensic Control. From the very start of our CE+ journey, Jonathan was providing tremendous service to us in order to ensure we had all the necessary information and advice specific to our company. They was consistently providing clear and helpful guidance in order for us to best succeed with our certification and as such had a great outcome! Big thanks to Jonathan and Forensic Control.”

Christopher Price, Technical Operations Lead, Faculty

“We had our Cyber Essentials Plus certification done by Jonathan and his team. Quick responses and professional advice that went further than the scope. Brilliant service and aftercare. Going forward, we will be using Forensic Control services.”

Maris Hakman, The Royal Foundation

"Forensic Control is a firm of professional cyber security advisers who guided our organisation achieve a ISO equivalent i.e. IASME Gold Standard accreditation over an 18 month period. Their service added a lot of value to our IT Governance and overall organisational security awareness and competencies."

Selam Shibru, Bank Worker’s Charity

"Forensic Control have been professional, efficient and very responsive in any queries we had in regards to the company gaining it’s Cyber Essentials qualification. We are continuing to use their services to progress to Cyber Essentials Plus. Highly recommend”

Francesca MacLeod, Cordless Consultant

“We are a small company that relies on the security of our data. Forensic Control has been perfect at keeping us protected and up to date with all the latest trends. Very efficient when we have needed help.”

Andy Bibby, CEO 87%

Frequently asked Questions

 We’re here to help with any questions you have about plans, pricing and supported features.

Cyber Essentials

What Cyber Essentials?

Cyber Essentials is a UK government-backed scheme that helps organisations protect themselves from common online threats. It has five technical controls that cover the basics of cyber security. It demonstrates an organisation’s trustworthiness and reputation and is a requirement for some public sector contracts. It should be renewed annually.

There are two levels of certification: Cyber Essentials and Cyber Essentials Plus. To apply for certification, you can use an official Certification Body, of which Forensic Control is one.

How does the Cyber Essentials certification process work?

The Cyber Essentials certification process involves a straightforward assessment of your organisation’s adherence to key security controls. You will need to complete a self-assessment questionnaire to evaluate your implementation of controls in areas such as firewalls, secure configuration, user access control, malware protection, and patch management. The process is designed to be accessible and achievable for organisations of all sizes.

Optionally, you can undergo an external assessment for the Cyber Essentials Plus certification, which involves additional testing and verification.

What are the benefits to us of obtaining a Cyber Essentials certification?

Obtaining a Cyber Essentials certification offers numerous benefits for your organisation. Firstly, it significantly strengthens your cyber security defences by implementing essential controls that protect against common cyber threats. This certification also demonstrates your commitment to cyber security to clients, partners, and stakeholders, boosting their confidence in your ability to protect their data and information.

Cyber Essentials certification can provide a competitive edge in tender processes and open up new business opportunities, especially when dealing with government contracts or organisations that prioritise cyber security. Additionally, some cyber insurance providers may offer reduced premiums for organisations with Cyber Essentials certification.

Is Cyber Essentials mandatory for us?

Currently, Cyber Essentials certification is not mandatory for all organisations. However, it is increasingly becoming a requirement for certain public sector contracts and supply chain partnerships. Even if not mandatory, obtaining Cyber Essentials certification is highly recommended, especially if you handle sensitive data, work with government organisations, or operate in regulated industries. It demonstrates your commitment to cyber security best practices and helps you meet customer expectations regarding data protection and security.

Ultimately, Cyber Essentials certification enhances your organisation’s overall resilience against cyber threats and strengthens your reputation in the marketplace.

Who can obtain a Cyber Essentials certification?

Cyber Essentials certification is available to organisations of all sizes and across all sectors, including both public and private entities.

How long is a Cyber Essentials Certification valid for?

Cyber Essentials certification is valid for 12 months from the date of issue. To stay certified you’ll need to  renew your certification to ensure continued adherence to regularly updated security controls required by the Cyber Essentials standard. This helps organisations stay up to date with evolving cyber threats and maintain a strong security stance against them.

How long does it take to get Cyber Essentials certified?

This depends very much on you! You will need to answer approximately 80 questions, and then update your responses/systems following our feedback. We are usually able to respond to your queries and mark your answers within 24 hours of receiving them. Please note that you have a maximum of six weeks to complete Cyber Essentials from the date you get the question set. On average, we find that organsations take between 4 to 6 weeks to achieve Cyber Essentials, although of course this could be much quicker if you have the time to complete it sooner than this.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a verified self-assessment certification that checks an organisation’s compliance of the Cyber Essentials standard,. Cyber Essentials Plus is a more rigorous certification that involves independent testing and verification of your business’s security measures by qualified assessors.