Get in Touch Close Menu

Cyber Essentials Scheme & IASME Governance

Sapphire makes it easy for companies looking to gain Cyber Essentials self-assessment and Cyber Essentials Plus accreditation. We work closely with organisations to understand their individual challenges and concerns to provide recommendations and guidance to achieve certification.

  • External Testing
  • Internal Testing
  • Authenticated Vulnerability Scan of Devices
  • Check Malware Protection on EUDs
  • Check the Effectiveness of EUD Defences – Email
  • Check the Effectiveness of EUD Defences – Website

External Testing

Test whether an Internet-based opportunist attacker can hack into the applicant’s system with typical low-skill methods.

Internal Testing

These tests assess defence against attacks that originate externally but involve some form of an internal user action, or which are difficult to test directly from the Internet.

Authenticated Vulnerability Scan of Devices

Identify missing patches and security updates that leave vulnerabilities that threats within the scope of the scheme could easily exploit.

Check Malware Protection on EUDs

To check that all of the EUDs in scope benefit from at least a basic level of malware protection.

Check the Effectiveness of EUD Defences – Email

To test whether or not EUDs are protected against malware that is delivered via email attachments.

Check the Effectiveness of EUD Defences – Website

To test whether or not EUDs have protection from malware delivered through a website.

1. What is Cyber Essentials?

Cyber Essentials is a Government-backed scheme that provides a clear idea of the basic controls that businesses should implement.

Developed by the National Cyber Security Centre, Cyber Essentials was designed to protect businesses from 80% of all basic cybersecurity threats. Having a Cyber Essentials certification also proves to suppliers and partners an organisation’s credibility and trustworthiness.

a) Cyber Essentials
This is a foundation-level certification specifically designed to provide a self assessment of basic controls an organisation requires to mitigate risk from different common cyber threats.

b) Cyber Essentials Plus
Cyber Essentials Plus involves both internal and external tests of your network and computers. It will involve a visit to your site and provides more assurance that you are complying with the Cyber Essentials Scheme than the basic self-assessment level.

2. What is the difference between Cyber Essentials Plus and Cyber Essentials?

Because of the increased complexity of Cyber Essentials Plus, it is offered alongside additional support, including an on-site assessment and dedicated help desk support.

The standard Cyber Essentials accreditation requires organisations to fill in an online questionnaire and costs less to complete.

3. Does Cyber Essentials have an expiry date?

All certificates have a 12-month expiry date.

4. How much is the Cyber Essentials certification?

The cost of the Cyber Essentials self-assessment certification is £300 + VAT.

The cost of the Cyber Essentials Plus certification is based on the complexity and size of an organisation.

5. Is it valid for organisations outside the UK?

Yes, the certification is also issued to overseas organisations.

6. How long does it take to get certified?

For a business to become Cyber Essentials self-certified, it takes between 1-3 working days from the time of submission. However, organisations with a tight deadline can also contact the issuing body to fast-track the approval process.

A typical CE+ assessment is 3-5 days and as Sapphire are an IASME approved Certification Body, the certificate is available on completion of an audit.

An organisation has 90 days to pass CE+ on completion of Cyber Essentials basic.

7. Do Cyber Essentials certified organisations stand a better chance of winning Government contracts?

Yes, some government contracts stipulate applicants are Cyber Essentials Certified.