The Cyber Essentials Scheme

What is the Cyber Essentials scheme?

The Cyber Essentials scheme is a UK government-backed framework supported by the NCSC (National Cyber Security Centre). It sets out five basic security controls that can protect organisations against 80% of common cyber attacks.

The scheme is designed to help organisations of any size demonstrate their commitment to cyber security – while keeping the approach simple and the costs low.

The certification process is managed by the IASME Consortium (IASME), which licenses certification bodies to carry out Cyber Essentials and Cyber Essentials Plus certifications.

Get Cyber Essentials certified

IT Governance makes Cyber Essentials accreditation easy. View our range of affordable certification options for Cyber Essentials and Cyber Essentials Plus.

Apply for Cyber Essentials

What are the benefits of Cyber Essentials? 

Prevent around 80% of cyber attacks

By correctly implementing the five basic security controls, the Cyber Essentials scheme will help you reduce the impact of such threats as:

  • Phishing attacks
  • Malware
  • Ransomware
  • Password-guessing attacks
  • Network attacks

Demonstrate supply chain security

Achieving Cyber Essentials certification will help you demonstrate your commitment to data protection and cyber security.

Win new business

Boost your reputation and attract new business by assuring customers you take cyber security seriously and have cyber security measures in place.

Work with the UK government and MOD

Cyber Essentials will permit you to work with the UK government and Cyber Essentials Plus will allow you to work with the MOD.

Be listed on the NCSC’s database

Cyber Essentials certificates issued in the previous 12 months will be displayed on the IASME website. This shows suppliers your commitment to protecting your and your customers’ data.

The NCSC (National Cyber Security Centre) has reviewed what influence Cyber Essentials has on cyber security attitudes and behaviours. It found:

  • 93% of certified organisations are confident that they are protected against common, Internet-based cyber attack.
  • 61% of certified organisations say they are more likely to choose suppliers with Cyber Essentials or Cyber Essentials Plus certification; and
  • Certified organisations are better prepared for cyber attacks, as they implement more security controls and are aware of the risks.

Learn more about the benefits of Cyber Essentials certification

What does Cyber Essentials cover?

Firewalls and routers

Create a barrier between your IT network and other networks to check if incoming traffic should be allowed on your network.

Learn more about firewalls

Software updates

Protect against vulnerabilities by keeping your devices and applications up to date.

 Learn more about patch management

Malware protection

Protect against viruses and other malware by using properly configured anti-malware software and only allowing trusted applications.

Learn more about malware protection

Access control

Manage access to administrator accounts to control who has access to your data and services.

Learn more about access controls

Secure configuration

Choose the most secure settings for your devices and software by changing passwords and removing unused accounts and software.

Learn more about secure configuration

Cyber Essentials – A guide to the scheme

Free green paper: Cyber Essentials – A guide to the scheme

Download this free green paper to discover what Cyber Essentials is, the benefits of certification, what you need to do to meet the scheme’s requirements, the difference between Cyber Essentials and Cyber Essentials Plus, and how the certification process works for both tiers of the scheme.

Download now

What’s the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials Certification

Cyber Essentials

Cyber Essentials includes an SAQ (self-assessment


Cyber Essentials is right for you if:

You want a base-level security certification to demonstrate that you have key controls in place.

Get started

Cyber Essentials Plus Certification

Cyber Essentials Plus

Cyber Essentials Plus includes a technical audit of the systems that are in scope for Cyber Essentials. It consists of an external vulnerability assessment, an internal scan, mobile screenshots, user testing on sample devices and evidencing MFA on cloud services.

Cyber Essentials Plus is right for you if:

  • You are required to have a more in-depth audit of the key controls you have in place
  • Your employees work from remote locations, or third parties have access to your premises or IT

Get started

How to achieve Cyber Essentials certification

Our simple five-step methodology:



Define the scope

Certification can apply to an organisation’s full enterprise IT or just to a subset. Either way, the scope needs to be clearly defined before the certification process can get underway.



The next step is to complete the questionnaire. We review the completed SAQ before submission to check it meets the scheme’s requirements. Successful applications are issued a Cyber Essentials certificate.


Technical Assessment

Organisations seeking certification to Cyber Essentials Plus will be required to go through a technical audit. This will include a series of internal vulnerability scans and tests of the in-scope system(s) and the SAQ.


External scan

An external vulnerability scan of your Internet-facing networks and applications is used to verify that there are no obvious vulnerabilities. As the tests are external, they are performed off-site.


Certification (Plus)

Once the assessment, internal scan and external scan are finished, you will get your Cyber Essentials Plus certificate.

Why choose IT Governance as your Cyber Essentials partner?

  • IT Governance is one of the founding Cyber Essentials certification bodies and remains one of the largest in the UK, issuing more than 7,000 certificates.
  • Our Cyber Essentials services have received a ‘World-Class’ NPS (Net Promoter Score) of +100.
  • With a large team focused on Cyber Essentials, we offer same-day turnaround on your certificates.
  • We have a 98% customer success rate.
  • We offer everything you need to get Cyber Essentials certification, such as documentation, scanning, and assessments.
  • One-to-one support included as standard in all our packages.
  • End-to-end support – we deliver all the technical tests and assessments, conducted by our experienced technical testers.
  • Tailored solutions – our unique fixed-price bundles provide expert support and compliance tools at affordable rates.
  • Credentials – our consultants are qualified, cyber security practitioners.
  • Unrivalled expertise – we have the knowledge and insight to help you take the next steps beyond Cyber Essentials.

Get started

We’ve helped thousands of organisations like yours achieve Cyber Essentials certification

This website uses cookies. View our cookie policy
SAVE 10%