What we assess
What your Cyber Essentials+ test covers
We run the independent, hands-on verification Cyber Essentials Plus requires across all five technical controls, formatted so your assessor can act on it directly.
Firewalls & Gateways
Whether your boundary firewalls are configured to block untrusted traffic.
We test for
- Boundary firewall configuration
- Default rule review
- Exposed service testing
- Remote access controls
Secure Configuration
Whether systems are hardened and free of unnecessary, exploitable defaults.
We test for
- System hardening
- Default account and password checks
- Unnecessary services
- Auto-run and software controls
Access Control
Whether user accounts and privileges are properly managed and restricted.
We test for
- User account management
- Least privilege
- Administrative account controls
- Authentication checks
Malware & Patching
Whether malware protection is effective and systems are kept up to date.
We test for
- Malware protection verification
- Patch and update status
- End-of-life software
- Email and web protection
How it works
How your engagement runs
From scope through the final retest, your team stays in the loop at every step,
with findings tracked live in our platform.
- 01
CE baseline
You first complete the self-assessed Cyber Essentials baseline questionnaire.
- 02
Scope & plan
We agree the in-scope systems, the device sample set, and a testing timeline.
- 03
Verification
Our assessor runs the independent internal and external testing Plus requires.
- 04
Certify
An assessor-ready evidence pack, plus a free retest of any failed checks.
Resources
Field notes from the offensive side
Offense in Depth in Red Team Operations
Defense in depth layers protection. Offense in depth layers attack paths so a red team still reaches its objective when one route fails. Here is how it works.
Security Between Penetration Tests
An annual pentest covers two weeks and leaves fifty uncovered. Here is how to secure the rest of the year without waiting for the next scheduled engagement.
The Limits of AI in Penetration Testing
AI is changing penetration testing, but it will not replace human testers. Here is what it does well, where it falls short, and why judgment still wins.
Want to see a real report first?
Request a redacted sample report before you scope an engagement.
FAQ
Frequently asked questions
What teams most often ask before
Cyber Essentials+ testing.
01What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment. Cyber Essentials Plus adds an independent, hands-on technical audit of your systems against the same five controls. We perform that technical verification to the standard your certification body expects.
02How long does the assessment take?
Most assessments are completed within a few days depending on the size of your estate and sample set, followed by an evidence pack and a complimentary retest of any failed checks before your deadline.
03What happens if we fail a control?
We give you a prioritized remediation list and a complimentary retest, so you can close the gaps and certify without starting over.