What is Cyber Essentials?

The Cyber Essentials scheme is a UK government backed cybersecurity certification programme that helps organisations, of all sizes, protect themselves against common online threats. It provides a framework of basic cybersecurity controls that organisations can implement to improve their overall cybersecurity posture and reduce the risk of cyber- attacks.

The scheme consists of two levels of certification: Cyber Essentials and Cyber Essentials Plus. To achieve Cyber Essentials certification, an organisation must complete a self-assessment questionnaire and have their responses independently verified by a certification body. The questionnaire covers five key areas of cybersecurity: boundary firewalls and internet gateways; secure configuration; access control; malware protection; and security update management.

To achieve Cyber Essentials Plus certification, an organisation must undergo a more rigorous assessment that includes vulnerability scanning and security configuration testing. This level of certification provides a higher level of assurance that the organisation has implemented effective
cybersecurity controls.

What are the benefits?

There are several reasons an organisation may wish to become Cyber Essentials certified:

The certification process helps organisations to identify and implement basic cybersecurity controls that can protect them against a range of common online threats, for example: phishing attacks, malware, and hacking attempts.

Cyber Essentials certification demonstrates to customers and partners that an organisation takes cybersecurity seriously and has taken steps to protect their sensitive information.

Organisations that hold Cyber Essentials certification may have a competitive advantage over those that do not, as it can be a requirement for certain contracts and tenders, especially in the public sector.

Some insurance companies offer reduced premiums for organisations that have Cyber Essentials certification, as it indicates that the organisation has taken steps to mitigate the risk of cyber-attacks.

Compliance with the Cyber Essentials scheme can help organisations to meet the requirements of certain regulations, such as the UK’s General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).

Cyber Essentials certification can give organisations and their stakeholders peace of mind, knowing they have taken steps to protect their sensitive information and reduce the risk of cyber-attacks.

How do I get started?

  • Read the Cyber Essentials Requirements for IT Infrastructure document to learn about the requirements.
  • Speak to our team for impartial guidance on requirements, process, or next steps.
  • Check out our Cyber Essentials Gap Analysis.

Cyber Essentials Gap Analysis

Understanding your current state and comparing it to a new accreditation can be tricky, so we’ve simplified this with our Cyber Essentials Gap Analysis.

The objective of the gap analysis is to identify key remediation tasks that will need to be implemented to ensure the organisation meets the requirements of the standard and achieve certification. It comprises a remote workshop session, a documentation review, an asset review, a one-off external vulnerability scan, and internal agent-based authenticated patch audit. It will be accompanied by a report that will highlight compliance against all areas of the Cyber Essentials standard.

Why Evolve North for Cyber Essentials?

We are a Cyber Essentials Certification Body, with assessors backed by a range of IT Security and Information Governance skills. This means we are expertly placed to support every stage of your Cyber Essentials journey, from Gap Analysis, Application, Remediation and Renewal.

Get in touch with us to discuss Cyber Essentials, or visit our dedicated Cyber Essentials website, www.cybertoolkit.co.uk

Talk to a specialist now – call 01748 905 002.


Evolve North works across a wide range of differing industries throughout the UK and Europe in both public, private and voluntary sectors.