From: £295.00 / year
Cyber Essentials is the foundation level and is an independently verified self-assessment. You complete an online assessment questionnaire which is approved by a Senior Executive of your business. Upon submission, we will independently review and confirm your responses. If successful, we will award you the requisite certificate and badge that you can display on your company website. The cost of Cyber Essentials certification is fixed by IASME so beware of those charging higher prices. Cyber Essentials is followed by Cyber Essentials Plus for those who desire to prove a higher level of security.
The simplest way to think of the Cyber Essentials scheme is to think of it as a Cyber Security MOT for your business or organisation. You have to fulfil specific requirements to pass successfully, and your assessor will confirm whether you meet these.
For Cyber Essentials, that ‘assessor’ is called a Certification Body. Hedgehog Security is one of the certification bodies approved by IASME to deliver Cyber Essentials and Cyber Essentials Plus, as well as the maritime version of Cyber Essentials, the Maritime Cyber Baseline, and the Internet of Things (IoT) standard. They have the official qualifications needed to certify you for Cyber Essentials – that is, as long as your organisation ticks all the boxes. A large portion of the assessment is a self-assessment questionnaire, and it is these answers that will determine whether you pass or fail. The questionnaire is updated annually, so if you already have your Cyber Essentials certification and you are renewing, don’t expect to be able to simply resubmit the previous year’s answers.
Once you show you have all the necessary processes, policies, and controls (we have a lot of free-to-use templates here), you’ll achieve the Cyber Essentials certification so you can demonstrate your commitment to Cyber Security to your clients, partners, and suppliers. Most importantly, you’ll feel more confident that you’re secure and protected.
Certification Bodies are an essential part of achieving your Cyber Essentials certificate. But what exactly are they, and how do you find one? Certification Bodies operate under the IASME Consortium, which became the sole accreditation body on the 1st of April 2020. Before that, there were five accrediting bodies with varying methodologies, but the government decided to appoint only one.
IASME works with and oversees several Certification Bodies across the country, including Hedgehog Security, and each Certification Body has qualified assessors who can certify businesses and organisations for Cyber Essentials. You can visit IASME’s website to see a complete overview of all the Certification Bodies.
Size of Business: Micro (0-9 employees), Small (10-49 employees), Medium (50-249 employees), Large (250+ employees)
Changes to the Cyber Essentials scheme in 2022
Cyber Essentials is a UK government scheme designed to help organisations of all sizes guard themselves against the most common Internet-based cyber security threats and demonstrate their commitment to cyber security. From 1 April 2020, the IASME Consortium (IASME) became the Cyber Essentials partner with the NCSC (National Cyber Security Centre). On January 24th 2022, some of the technical control requirements changed in line with recommended security updates to reflect the changing cyber threats in today’s digital environment.
What is required for certification to Cyber Essentials?
Organisations complete the IASME self-assessment questionnaire (SAQ). This must be verified and signed off by a member of the board or an equivalent signatory. It is then independently verified by a certification body such as ourselves, trained and licensed to certify against the government’s Cyber Essentials scheme.
How long will it take between submitting our online SAQ and receiving our certificate?
For Cyber Essentials, it is possible to get from application to certification within a day, depending on your current security setup and speed of action. However, most organisations take about a fortnight to complete the assessment.
What can we expect from the Cyber Essentials application process?
Your Cyber Essentials package will be automatically fulfilled on purchase, and within 2 hours you will have access to the central certification portal. The process then runs as follows:
- You receive your login credentials at the email address you provided.
- If you have opted for some support hours, we will contact you to arrange the support.
- Once you have access to the IASME portal, you can define your scope and complete the SAQ.
- You confirm that all answers provided in the assessment have been approved at board level or equivalent.
Once you have submitted your answers, the assessment is marked by one of our Cyber Essentials assessors, who will provide feedback on the result.
If the result is a ‘pass’:
- A Cyber Essentials certificate will be issued for you to download from the IASME portal, along with a copy of your assessment and branding information on how you can display your certification mark. If you opted for free cyber insurance and qualify, this will also be included.
- The Cyber Essentials certification process is complete, and your certificate is valid for 12 months.
If the result is a ‘fail’ or ‘more information’:
- Review the feedback provided by your assessor. If you have purchased a Cyber Essentials package that includes consultancy support and you have support time remaining, one of our cyber security experts can help you understand how to address any non-compliant areas.
- You have two working days to resubmit your updated SAQ along with a newly signed declaration approved at board level or equivalent.
- If you receive a second fail or do not resubmit within two working days, you will need to buy a new package and complete the process again.
You have six months from the purchase date to complete your application. IASME manages the archiving of applications, and once an application has been archived you will need to purchase a new package to continue.
Can we still use Windows 7?
No, this would be regarded as an instant fail as the software is unsupported (both went End of Life in January 2020). In circumstances where your organisation has paid for Extended Security Updates (ESU) from Microsoft for every device that is unsupported, this will be considered permissible as technically the software is supported.