Technology & Projects

Cyber Essentials FAQs

Questions and answers about the Cyber Essentials scheme and certification.

Cyber Essentials FAQs

Do certificates have an expiry date?

All new certifications will have a 12-month expiry date.

How much does it cost to get Cyber Essentials certification?

The cost of Cyber Essentials (verified self-assessment) follows a tiered pricing structure which adopts the internationally recognised definition for micro, small, medium and large enterprises.

The cost of a Cyber Essentials Plus audit is determined by the size and complexity of your network. If you have any questions, please contact Cloud Cover; we can offer help and guidance.

My organisation is not based in the UK. Can I still obtain Cyber Essentials certification?

Yes, organisations overseas are able to get certificates.

Is it necessary for me to first obtain Cyber Essentials before moving on to Cyber Essentials Plus?

As part of the Cyber Essentials Plus certification, you must pass the online Cyber Essentials assessment, which must be completed prior to the Cyber Essentials Plus assessment. You can also finish your Cyber Essentials Plus evaluation within three months of your previous Cyber Essentials certification.

How are Cyber Essentials assessments verified?

A member of the organisation’s board of directors signs a declaration confirming that the assessment answers are correct. The responses are subsequently evaluated by a certified assessor who works for a Certification Body.

If you pass, you will be given a certificate.

If you fail, you will be given feedback on which areas need to be improved if you want to reapply for Cyber Essentials certification or utilise the chance to improve your cyber security. If you have any questions, please contact Cloud Cover IT; we can offer assistance and guidance.

How quickly can I get certified to Cyber Essentials?

IASME always do their best to get the Cyber Essentials assessment results back to organisations as quickly as possible. It usually takes IASME 1 – 3 working days from the time you submit your assessment.

Do I need Cyber Essentials to bid for a Government contract?

Some government contracts may demand Cyber Essentials certification or the ability to verify that technical controls are in place.

Please first confirm with the government department their expectations regarding Cyber Essentials. Because requirements and exclusions differ by department, it is critical that you have the ability to seek clarification for each contract.

Cyber Essentials technical requirements update 2023

What happens if I get Cyber Essentials using the current question set and prerequisites, but then need to get Cyber Essentials Plus after April 24?

If you begin the Cyber Essentials process before April 24, your Cyber Essentials Plus assessment will be based on the same question set and requirements as your Cyber Essentials assessment. It must be finished within three months of the Cyber Essentials evaluation.

Are there any instances in which the present standards will continue to apply after the expiration date of October 24, 2023?

Yes. Because your Cyber Essentials Plus assessment must be completed within three months of starting the Cyber Essentials process, starting the Cyber Essentials process before April 24 may mean that you complete the Cyber Essentials Plus assessment after the expiry date of October 24, 2023.

Who was involved in updating the technical standard?

The NCSC and our Cyber Essentials delivery partner, the IASME Consortium, worked together to complete the update. Many of the modifications are the result of input from assessors and applicants. NCSC technical experts were also present.

Is there a grace period allowed this year?

There will be no grace period this time because this update does not include any significant modifications to the requirements and is lighter in touch than the April 2022 release. The NCSC website has information regarding the current grace period.

Other technical controls in my organisation do not meet the new Cyber Essentials criteria. Can I utilise these to get certified?

Cyber Essentials is prescriptive and other controls are not currently permitted. However, we are currently considering how we may be able to help organisations in this situation. This project is still in the development phase and further information will be available in time.

For how long are the certificates valid?

All new certificates issued by IASME will have a 12-month expiry date.

Talk to us about Cyber Essentials

Fill out the form and our team will get back to you within 24-48 hours.