Skip to content

Compliance

Cyber Essentials+
Certification

What we assess

What your Cyber Essentials+ test covers

We run the independent, hands-on verification Cyber Essentials Plus requires across all five technical controls, formatted so your assessor can act on it directly.

Firewalls & Gateways

Whether your boundary firewalls are configured to block untrusted traffic.

We test for

  • Boundary firewall configuration
  • Default rule review
  • Exposed service testing
  • Remote access controls

Secure Configuration

Whether systems are hardened and free of unnecessary, exploitable defaults.

We test for

  • System hardening
  • Default account and password checks
  • Unnecessary services
  • Auto-run and software controls

Access Control

Whether user accounts and privileges are properly managed and restricted.

We test for

  • User account management
  • Least privilege
  • Administrative account controls
  • Authentication checks

Malware & Patching

Whether malware protection is effective and systems are kept up to date.

We test for

  • Malware protection verification
  • Patch and update status
  • End-of-life software
  • Email and web protection

How it works

How your engagement runs

From scope through the final retest, your team stays in the loop at every step, with findings tracked live in our platform.

  1. 01

    CE baseline

    You first complete the self-assessed Cyber Essentials baseline questionnaire.

  2. 02

    Scope & plan

    We agree the in-scope systems, the device sample set, and a testing timeline.

  3. 03

    Verification

    Our assessor runs the independent internal and external testing Plus requires.

  4. 04

    Certify

    An assessor-ready evidence pack, plus a free retest of any failed checks.

FAQ

Frequently asked questions

What teams most often ask before Cyber Essentials+ testing.

Still have questions?
01What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessment. Cyber Essentials Plus adds an independent, hands-on technical audit of your systems against the same five controls. We perform that technical verification to the standard your certification body expects.

02How long does the assessment take?

Most assessments are completed within a few days depending on the size of your estate and sample set, followed by an evidence pack and a complimentary retest of any failed checks before your deadline.

03What happens if we fail a control?

We give you a prioritized remediation list and a complimentary retest, so you can close the gaps and certify without starting over.

Ready to test your defenses?

Talk to our team about what your Cyber Essentials+ compliance requires.

Get a Fixed-Scope Quote

Tell us what you need tested. We reply within one business day.