What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is self-assessed via a questionnaire verified by a certification body. Cyber Essentials Plus includes all of that plus an independent technical assessment where an assessor verifies controls through vulnerability scanning and testing.

How long does certification take?

Cyber Essentials can typically be achieved within a few days to weeks, depending on your existing security posture. The self-assessment questionnaire takes 1-2 hours to complete once controls are in place.

Is Cyber Essentials recognised outside the UK?

Cyber Essentials is a UK government scheme and primarily recognised within the UK. However, it demonstrates a baseline of cybersecurity hygiene that is valued internationally, and it can be a stepping stone to more comprehensive frameworks like ISO 27001.

All Frameworks

5 Controls

Cyber Essentials

UK Government Cyber Essentials

Cyber Essentials is a UK government-backed certification scheme that helps organisations protect against the most common cyber attacks. It covers five key technical security controls that form the foundation of good cyber hygiene for any organisation.

Start Free Trial Request Demo

Ideal For

UK BusinessesGovernment SuppliersSMEsStartups

What is Cyber Essentials?

Cyber Essentials is a UK government-backed certification scheme that helps organisations protect against the most common cyber attacks. It covers five key technical security controls that form the foundation of good cyber hygiene for any organisation.

Cyber Essentials is applicable to any UK organisation. It is mandatory for all UK government contracts involving the handling of sensitive or personal information, and for contracts involving the supply of certain technical products and services. Many private-sector organisations also require suppliers to hold Cyber Essentials certification.

Key Requirements

Core areas of Cyber Essentials that organisations must address.

Firewalls — configure boundary firewalls and internet gateways

Secure Configuration — remove or disable unnecessary services

User Access Control — control who has access to data and services

Malware Protection — protect against viruses and other malware

Patch Management — keep devices and software up to date

How GRCTrack Supports Cyber Essentials

5 key security controls

Self-assessment questionnaire

Government contract requirement

Insurance benefits

Annual certification

Clear implementation guidance

Government Contracts

Required for many UK government contracts.

Insurance Benefits

May qualify for cyber insurance benefits.

Quick Certification

Achieve certification rapidly.

Frequently Asked Questions

Ready to Simplify Cyber Essentials Compliance?

Join hundreds of organisations using GRCTrack to manage compliance.

Start Free Trial View All Frameworks