The controls required to be in place for Cyber Essentials Plus are the same as for Cyber Essentials, except this time an assessor will do a professional evaluation of the infrastructure to ensure all of the Cyber Essentials controls are in place.

Cyber Essentials Plus still has the same simplistic approach as seen with Cyber Essentials. For both certifications the level of security measures you need to put in place are the same, however for Cyber Essentials Plus a hands-on technical verification is carried out.

This higher degree of assurance entails completing the online evaluation and then doing a technical audit of the Cyber Essentials eligible applications. A representative collection of user devices, all internet gateways, and all servers with resources open to unauthenticated internet users are included in this.

Your assessor will assess components such as:
Antivirus in place
Malware protection
Identification of network vulnerabilities
Up to date software and patching

You will need to complete your assessed Cyber Essentials Plus audit within three months of your Cyber Essentials basic certification. Your assessor will often visit your place of operation and a sample of your other offices in order to carry out the tests, however it is possible to conduct such assessments remotely should there be an operational requirement to do so.

By having a Cyber Essential Plus Certification you will be able to:
  • Reassure customers that you are working to secure your IT against cyber attack
  • Attract new business with the promise you have cyber security measures in place
  • You have a clear picture of your organisation’s cyber security level
  • Some Government contracts require Cyber Essentials certification