Cyber Essentials and Cyber Essentials Plus

4th December, 2023

Cyber Essentials and Cyber Essentials Plus are cybersecurity certifications designed to help organisations establish and verify basic security controls and best practices.

Obtaining both Cyber Essentials and Cyber Essentials Plus certifications can be beneficial for organisations, as they provide different levels of cybersecurity assurance and serve distinct purposes.

The UK government developed these schemes to help organisations, both in the public and private sectors, improve their cybersecurity posture. They aim to provide a baseline level of cybersecurity assurance and promote good cybersecurity practices.

Cyber Essentials

Objective: Cyber Essentials aims to assist organisations in protecting themselves against common cyber threats.

Self-Assessment: Organisations must complete a self-assessment questionnaire, answering a set of security questions related to their cybersecurity practices and technical controls.

Scope: The certification focuses on five key areas of cybersecurity controls: firewall configuration, secure configuration, user access control, malware protection, and patch management.

Validation: The self-assessment is submitted to a certification body for review. Once the certification body confirms that the organisation meets the required security criteria, the organisation receives the Cyber Essentials certificate.

Benefits: Cyber Essentials certification demonstrates a commitment to basic cybersecurity best practices and can be a requirement for doing business with government agencies and many private sector organisations. It also helps improve an organisation’s cybersecurity posture.

Cyber Essentials Plus

Objective: Cyber Essentials Plus is a more advanced certification that provides a higher level of assurance than Cyber Essentials.

External Testing: In addition to the self-assessment questionnaire used for Cyber Essentials, Cyber Essentials Plus involves external testing. A qualified and accredited cybersecurity professional performs vulnerability scans and tests on an organisation’s network and systems to verify the security controls are effectively in place.

Scope: It covers the same five key areas as Cyber Essentials but includes more thorough testing to ensure that the controls are working effectively.

Validation: After successfully passing the external tests, the organisation receives the Cyber Essentials Plus certification.

Benefits: Cyber Essentials Plus provides a higher level of assurance and validation of an organisation’s cybersecurity measures. Organisations or government agencies often require it for more critical and sensitive contracts and partnerships.

Cyber Essentials Plus offers a higher level of assurance by including external testing, making it suitable for organisations with more complex security needs or those dealing with highly sensitive data. Both certifications help organisations enhance their cybersecurity posture, reduce cybersecurity risks, and demonstrate their commitment to security to potential clients and partners.

If you’re seeking assistance in navigating the cybersecurity landscape, consider reaching out to Riven.

We prioritise understanding, planning, and adapting to any changes that may impact your environment.

Feel free to contact us at 01784 437 123 or via email at enqs@rivenassociates.co.uk.

Additionally, you can sign up for our monthly newsletter to stay updated on the latest cybersecurity insights and strategies.
