Cyber Essentials FAQs

Speak to an expert

IT Governance is one of the founding Cyber Essentials certification bodies and remains one of the largest in the UK, issuing more than 6,600 certificates.

If you’re looking for guidance, practical advice or consultation on Cyber Essentials, we can help.

General information about the scheme

Changes to the Cyber Essentials scheme in 2022

Why should we get a Cyber Essentials certificate?

What is required for certification to Cyber Essentials?

What is required for certification to Cyber Essentials Plus?

Who will conduct the assessments for Cyber Essentials and Cyber Essentials Plus?

How long will it take between submitting our online SAQ and receiving our certificate?

Application process

What can we expect from the Cyber Essentials application process?


Where can we display our Cyber Essentials certificate?

How do we renew our Cyber Essentials certificate?

Guidance about the certification process

Cyber Essentials Certification

How can I get more guidance about the certification process?

Defining the scope

How do we define the scope?

How do we determine IP addresses? (Cyber Essentials Plus only)

What should we do if we have more than 16 IP addresses?

How do we determine how many workstations, mobile devices and build types need to be tested for Cyber Essentials Plus?

What should we do if we have more than ten sample devices?

Vulnerability scanning

Why must we have vulnerability scans/penetration tests provided by a third party?

Cyber Essentials and ISO 27001 certification

Should we apply for a Cyber Essentials badge in addition to our ISO 27001 certification?

Can Cyber Essentials replace ISO 27001?

Which should we start first: Cyber Essentials, ISO 27001, or both at the same time?

This website uses cookies. View our cookie policy
SAVE 10%