Cyber Essentials Scheme

Cyber Essentials

Cyber Essentials is a government-backed, industry-supported scheme to help protect organisations against common cyber-attacks.

Cyber Essentials was developed as a simple prescriptive formula based on evidence of the attacks.

By design, the scheme addresses the most common Internet-based threats to cyber security—particularly attacks that use widely available tools and demand little skill, such as hacking, phishing, and password guessing.

Sapphire and Cyber Essentials

Sapphire makes it easy for companies to gain Cyber Essentials self-assessment and Cyber Essentials Plus accreditation.

We work closely with organisations to understand their challenges and concerns and provide recommendations and guidance to achieve certification.

Cyber Essentials Plus Assessment

The Cyber Essentials Plus assessment is a more comprehensive, detailed security audit that can result in a PASS or FAIL. Anything that is not internet-facing can be excluded from the scope. Think vulnerability assessment meets audit, without a formal penetration test. The five areas we cover as part of a Cyber Essentials Plus assessment are:

Boundary firewalls and Internet Services

Secure Configuration

User Access Control

Malware Protection

Patch Management

Why Sapphire?

Detailed: We evaluate and refine the five controls that protect against the most common enterprise attacks: access and privilege management, network configurations, patch management, malware protection, and perimeter security.

Trusted: Receiving approved certification of cyber security capabilities improves your appeal as a ‘trusted supplier’ for large companies and is now a must for many Government contracts.

Experienced: The organisation will be guided through the process by a team with over 25 years of cyber experience, securing some of the world’s largest companies at a competitive price.

IASME Cyber Assurance

The Information Assurance for Small to Medium-sized Enterprises (IASME) Cyber Assurance is a structured way for an organisation to implement and improve the way it secures information and offers assurance to the government, regulators, customers and vendors regarding its posture.

IASME Cyber Assurance is designed to guide the SME where needed and then assess their level of maturity.

External Testing

Test whether an Internet-based opportunist attacker can hack into the applicant’s system with typical low-skill methods.

Internal Testing

These tests assess defence against attacks that originate externally but involve some form of an internal user action, or which are difficult to test directly from the Internet.

Authenticated Vulnerability Scan of Devices

Identify missing patches and security updates that leave vulnerabilities that threats within the scope of the scheme could easily exploit.

Check Malware Protection on EUD

To check that all end user devices (EUDs) in scope benefit from at least a basic level of malware protection.

Check the Effectiveness of EUD defences – Email

To test whether or not EUDs are protected against malware that is delivered via email attachments.

Check the Effectiveness of EUD defences – Website

To test whether or not EUDs are protected from malware delivered through a website.

Frequently Asked Questions (FAQs)

Cyber Essentials is a Government-backed scheme that provides a clear idea of the basic controls businesses should implement.

The National Cyber Security Centre developed Cyber Essentials to protect businesses from 80% of all basic cyber security threats. A Cyber Essentials certification proves an organisation’s credibility and trustworthiness to suppliers and partners.

a) Cyber Essentials
This foundation-level certification is designed to provide a self-assessment of the basic controls an organisation requires to mitigate risk from common cyber threats.

b) Cyber Essentials Plus
Cyber Essentials Plus involves both internal and external tests of your network and computers. It will involve a visit to your site and provide more assurance that you comply with the Cyber Essentials Scheme than the basic self-assessment level.

Because of the increased complexity of Cyber Essentials Plus, it is offered alongside additional support, including an on-site assessment and dedicated help desk support.

The standard Cyber Essentials accreditation requires organisations to fill in an online questionnaire and costs less to complete.

All certificates have a 12-month expiry date.

The cost of the Cyber Essentials self-assessment certification is £300 + VAT.

The cost of the Cyber Essentials Plus certification is based on the complexity and size of an organisation.

Yes, the certification is also issued to overseas organisations.

It takes between 1 and 3 working days from the time of submission for a business to become Cyber Essentials self-certified. However, organisations with a tight deadline can also contact the issuing body to fast-track the approval process.

A typical CE+ assessment takes 3-5 days and, as Sapphire are an IASME-approved Certification Body, the certificate is available on completion of an audit.

An organisation has 90 days to pass CE+ on completion of Cyber Essentials basic.

Yes, some government contracts stipulate applicants are Cyber Essentials Certified.