
Cyber Essentials Certification
Protect your business from cyber threats by achieving Cyber Essentials certification, a UK government-backed scheme
Protect your business from cyber security threats
In an age where cyber threats are a constant risk and can come from anywhere, making sure you can demonstrate that you have taken precautions against the most common vulnerabilities and attacks is crucial.
To do this we help you to gain either the Cyber Essentials or Cyber Essentials Plus certifications as part of the UK government’s scheme.
With our expertise, you gain the confidence that you are taking the right steps to mitigate financial, legal, and reputational risks associated with cyber security breaches.
Our approach to Cyber Essentials certification
Gap analysis
We measure your existing controls against what is required by Cyber Essentials.
A clear roadmap to certification
We provide a clear road map on how to bridge the gaps and reduce the risks associated with a cyber breach.
Ongoing support
We provide ongoing guidance and assistance to ensure all elements of the assessment are catered for.
Official certification
As an official IASME certification body, we issue both Cyber Essentials and Cyber Essentials Plus certifications.
Award-winning expertise
Our cyber security team continues to achieve multiple vendor certifications, highly respected industry accreditations and international accolades, demonstrating the breadth, depth and impact of their services.
What is the Cyber Essentials Scheme?
The UK government’s Cyber Essentials scheme is designed to help small and medium-sized organisations define and measure fundamental levels of cyber security.
It is based on five key controls – firewalls, secure configuration, access control, malware protection, and patch management – and defines technical and procedural controls to mitigate the risks associated with cyber threats.
Why choose LRQA for Cyber Essentials?
As an official IASME certification body, we issue both Cyber Essentials and Cyber Essentials Plus certifications which enable you to:
- Promote and demonstrate that you have undertaken essential precautions in minimising your cyber risk.
- Satisfy clients, suppliers, insurers and industry regulators including businesses tendering for government contracts.
- Gain assurance of the security posture of your IT systems and networks.
Our team will initially conduct a gap analysis to measure your existing controls against the requirements of Cyber Essentials. We will then provide a clear road map with tailored guidance and practical solutions if a security weakness is identified. Our streamlined annual renewal assessments maintain your valid certification over time as threats evolve.
Why work with us?
Specialist expertise
Unlike our competitors, our Cyber Essentials assessors are fully qualified cyber security consultants, holding multiple vendor certifications and accreditations as well as highly respected industry accreditations from CREST, the PCI SSC, ISC2, BCI, Chartered Institute of IT, and NCSC CHECK. Our consultants can offer sophisticated remediation advice if any issues arise. All our Cyber Essentials Basic assessors are also Cyber Essentials Plus qualified, meaning one consultant can assist you through your full compliance journey.

Industry leadership
We lead and shape the industry on advisory boards and councils including the PCI SSC Global Executive Assessor Roundtable and CREST councils in the Americas, Asia, EMEA and the UK. We are certified by a range of governing bodies including the payment card industry and are approved as a Qualified Security Assessor.

Everywhere you are
Operating in over 55 countries, with more than 250 dedicated cyber security specialists and over 300 highly qualified information security auditors across the world, we can provide a local service with a globally consistent dedication to excellence.

Award winners
We have been recognised for the breadth and depth of our services – including the TEISS Award for Best Penetration Testing Service in 2024, Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024 and the Stratus Award for Best Managed Cloud Security Service.

Cyber Essentials vs Cyber Essentials Plus: choosing what is right for you
The Cyber Essentials framework has two levels of certification, Cyber Essentials Basic and Cyber Essentials Plus:
- Cyber Essentials Basic is carried out through a self-assessment questionnaire that is completed by your IT staff to ensure that the principles of the framework have been implemented.
- Cyber Essentials Plus builds upon the basic self-assessment to offer extended assurance by verifying that the principles have been implemented. This is achieved through testing by an LRQA assessor.
Since Cyber Essentials Plus builds upon the basic self-assessment, the Plus certification must be completed within 90 days of the Basic certification.
Cyber Essentials Basic and Cyber Essentials Plus certifications are often required as part of contractual work. Even if not required now, achieving the Plus certification will ensure that your company is ready to work on contracts that require it, future-proofing your regulatory needs.
Cyber Essentials Plus assessment areas
The primary security controls that are assessed during a Cyber Essentials Plus assessment are:
- External perimeter scanning – establishing the exposure of internet-facing systems, the presence of appropriately secure firewall controls and the security posture of those systems.
- Credentialed Patch Audit Scanning – Scanning a sample of servers and workstations to ensure that all operating systems and software are supported and that patches have been applied within the 14-day window.
- Malware Checks – Ensuring that malware protection is in place both on endpoints and email.
- Cloud MFA Checks – Checking that multi-factor authentication is in place for all cloud services.
Please note that the above list is non-exhaustive, and testing may include other elements based on your environment.
The world leader in CREST accreditations
We are proud to be the only organisation in the world with a full suite of accreditations from The Council of Registered Ethical Security Testers (CREST).
Our team of consultants has achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response services and Threat Intelligence. In addition, we were the first organisation to be CREST accredited for our Security Operation Centre services.