What is Cyber Essentials and Cyber Essentials Plus certification?

The certification body is the I.A.S.M.E. which stands for ‘Information Assurance for Small and Medium Enterprises Consortium’.

The Cyber Essentials scheme has been around since 2014 but increasingly, it’s a requirement for those tendering for private and Government contracts.

In the past 8 years since the first assessments, the number of areas covered and the detail needed has increased dramatically in an effort to ensure that suppliers are looking after their data.

These year-on-year changes have resulted in Cyber Essentials certification being far more valued.

The aim of the scheme is not just accreditation (as that is not going to stop cyber-attacks), it also aims to improve best practices with regards to processes, procedures and technical requirements that should be put in place to protect infrastructure.


The scope has also changed quite a bit as working habits have changed dramatically since the pandemic.

Because more people are now working remotely, new sections were added to the assessment in January 2022 to cover WFH and cloud services alongside updates to other sections. 

The current technical sections are:

– Boundary firewalls and internet gateways

– Secure configuration

– Access control

– Malware protection

– Patch management

These sections all have a number of questions to complete in addition to a short statement by way of evidence.

Cyber Essentials

The standard Cyber Essentials certificate is a self-assessment which is filled out and then given to a Cyber Essentials Assessor who will supply feedback on the sections that need to be addressed before the accreditation is issued.

There are no checks to ensure you have answered the questions honestly.

Cyber Essentials Plus

The assessment for the Cyber Essentials Plus is the same as Cyber Essentials, but it also includes independent validation by an accredited third party.

A clear commitment to security

Basic Cyber Essentials certification is a very good start. It shows that cyber security is being taken seriously and has been thought about in terms of how threats can be protected against.

Because it involves verification from an accredited security specialist, Cyber Essentials Plus is quickly becoming the de facto standard to show that security levels have been officially verified.

Organisations in the private sector now tend to expect Cyber Essentials Plus certification from suppliers and most public sector contracts require it these days.

Professional associations within industries like the Law Society and the Financial Conduct Authority are also actively endorsing and recommending Cyber Essentials. 

Vulnerability can mark you out as a target for unwanted cybercriminal attention, so attackers tend to be looking for companies which don’t have Cyber Essentials certification.

In any case, Cyber Essentials certification gives a clear picture of an organisation’s commitment to security.

Are you in need of IT Support?

Itek provides IT solutions for your entire IT infrastructure. Your business can experience a cost-effective service at a predictable fixed rate, removing the burden from you and your team and freeing you to focus on your goals.

The Itek Newsletter

Sign up for our weekly newsletter, follow along with tips and tricks as well as best practices straight to your inbox.