Cyber Essentials Certification for UK Businesses

End-to-End Certification, Handled For You

Full Certification

We handle every step of your CE Plus certification — from initial gap analysis through to successful examination and IASME certification.

Complete Protection

Our service includes all licensing, technical testing, vulnerability scanning and remediation — everything you need under one roof.

Guaranteed Support

We guide you through every Cyber Essentials requirement, fix any issues we find, and ensure thorough Cyber Essentials preparation before examination day. No surprises.

End-to-End Service

Key Controls Covered

Years IT Security Experience

Hidden Costs or Extras

Cyber Essentials Plus is the UK government-backed certification that proves your business takes cyber security seriously. More and more organisations now require it before they'll work with you.

We provide a fully managed, end-to-end Cyber Essentials Plus certification service designed for Cyber Essentials for SME and larger organisations alike. That means everything — the initial Cyber Essentials assessment, preparation, licensing, technical vulnerability testing, remediation of any issues, and the final examination — is handled by our team. You get certified without the headache.

Gap Analysis & Remediation

Everything you need to achieve Cyber Essentials Plus certification — from the first conversation to the certificate on your wall.

Gap Assessment

We carry out a thorough gap analysis of your current IT setup against all five Cyber Essentials security controls — firewalls, secure configuration, access control, malware protection and patch management — and identify exactly what needs to change.

Preparation & Remediation

We don't just tell you what's wrong — we fix it. Our engineers handle the full Cyber Essentials preparation, implementing the technical changes needed to bring your security controls into compliance, from firewall rules to patching policies and user access controls.

Licensing & Registration

We handle all IASME certification body registration and licensing fees as part of our service — so the Cyber Essentials cost is clear from day one. No separate invoices, no hidden admin costs — it's all included in a single, transparent price.

Vulnerability Testing

Cyber Essentials Plus requires hands-on technical verification. We conduct the internal and external vulnerability scans, test your configurations and verify that your defences work as they should — before the assessor does.

Examination & Certification

We coordinate the official Cyber Essentials Plus examination and Cyber Essentials audit with an accredited certification body. We're with you every step — answering questions, providing evidence and ensuring a smooth pass on the first attempt.

Ongoing Support

Certification is annual. We provide dedicated Cyber Essentials IT support to help you maintain compliance year-round with ongoing monitoring, cyber security training for your staff, policy reviews and Cyber Essentials renewal support — so you never fall out of certification.

Vulnerability Testing & Examination

No Jargon, No Stress

We know that cyber security certifications can feel overwhelming — especially if you don't have an in-house IT security team. As an experienced Cyber Essentials consultant UK businesses trust, we handle everything in plain English, with clear communication at every stage. You'll always know exactly where you stand.

Fix It, Don't Just Flag It

Unlike consultancies that hand you a report and wish you luck, we actually do the technical work. When we find gaps in your setup, our engineers implement the fixes directly — firewalls, patching, access controls, the lot.

First-Time Pass

We conduct our own internal vulnerability testing before the official examination, so we catch and resolve any issues in advance. Our goal is a clean pass on the first Cyber Essentials assessment — no re-sits, no delays, no extra costs.

Ready to get Cyber Essentials Plus certified?

Get started

Cyber Essentials Plus Certification Process

A straightforward four-stage process that takes you from wherever you are now to fully certified.

Assess & Scope

We audit your current IT environment against all five Cyber Essentials security controls to define the Cyber Essentials scope. We identify every gap, document what needs to change, and give you a clear picture of where you stand today.

Prepare & Remediate

Our engineers implement the required technical changes — firewall configuration, patching, user access policies, malware protection and secure configuration. We do the work, not just the advice.

Test & Verify

We run internal vulnerability scans and technical tests to verify everything passes. This pre-examination dry run means we catch and fix any remaining issues before the official assessment.

Certify & Maintain

We coordinate the official Cyber Essentials Plus examination, support you through the process, and help you achieve certification. Then we help you stay certified with straightforward Cyber Essentials renewal year after year.

Businesses turn to us when

They need Cyber Essentials Plus to win or retain a contract — especially with government or public sector clients

They've tried the Cyber Essentials self-assessment but failed the technical audit or found the process too complex

They don't have the in-house expertise or time to prepare for certification themselves

Their clients, insurers or supply chain partners are asking for proof of cyber security standards

They want to improve their overall security posture — not just get a badge, but actually be better protected

They're unsure whether their current IT setup meets the five technical controls and need expert guidance

They want a single provider to handle everything — assessment, fixes, licensing, testing and the exam itself

Their current Cyber Essentials certification is due for renewal and they want a smoother process this time around

They want to demonstrate trust and credibility to customers by holding a recognised government-backed standard

What is Cyber Essentials Plus?

Cyber Essentials is a UK government-backed scheme designed to help organisations protect themselves against the most common cyber attacks. It covers five key security controls: firewalls, secure configuration, user access control, malware protection and patch management.

Cyber Essentials Plus goes a step further than the basic Cyber Essentials self-assessment. While the standard level is a questionnaire verified by an IASME certification body, Plus requires an independent, hands-on Cyber Essentials audit of your systems. An accredited assessor verifies that your defences actually work — not just that you say they do.

This makes CE Plus certification significantly more credible. It's increasingly a government contract Cyber Essentials requirement for supply chain compliance and cyber insurance. Many private sector organisations also now ask suppliers for it as a minimum security standard — making it essential for Cyber Essentials for small business and enterprise alike.

The certification is valid for 12 months and needs annual Cyber Essentials renewal. With our managed service, we make both the initial certification and ongoing renewals straightforward.

Cyber Essentials Plus certification planning

The five technical controls we cover

Every Cyber Essentials Plus security control independently tested, verified and documented — plus ongoing compliance management to keep you certified.

Firewalls & Internet Gateways

We configure and verify that your boundary firewalls and internet gateways deliver robust network security — blocking unauthorised inbound traffic, restricting outbound connections and ensuring default passwords are changed. For Plus, we test that configurations actually work in practice, verifying rules, checking open ports and filtering.

Secure Configuration

We review and harden the configuration of your computers, servers, mobile devices, routers and cloud services — removing default accounts, disabling auto-run features, enforcing secure email configuration and ensuring only necessary software is installed. We verify configurations by testing a representative sample during the Plus assessment.

User Access Control

We review access control policies and implement proper practices — unique user accounts, strong password policies, multi-factor authentication and the principle of least privilege. We verify that admin accounts aren't used for day-to-day tasks and unused accounts are disabled across all in-scope devices.

Malware Protection

We ensure antivirus and anti-malware software is installed, running, up to date and properly configured on all in-scope devices with real-time scanning active and current definitions. For the Plus assessment, we test that malware protection actually works — providing genuine ransomware protection by verifying that known test samples are detected and blocked.

Patch Management & Software Updates

We verify that all operating systems, applications, plugins and firmware are patched within 14 days of security updates being released. We check automatic updates are enabled, unsupported or end-of-life software is removed, and your patching process is documented and followed consistently.

Ongoing Compliance & Annual Renewal

Cyber Essentials Plus certification is valid for 12 months. We manage the entire Cyber Essentials renewal process — pre-assessment audits, gap analysis of any new issues, documentation updates and coordination with the certification body. Continuous compliance monitoring ensures you're always assessment-ready, not scrambling at renewal time.

Why Cloudswitched for Cyber Essentials Plus?

We're an IT company that lives and breathes this stuff every day — not a compliance consultancy reading from a checklist.

IT company, not just consultants

We're not just a Cyber Essentials consultant — we actually fix things. Our engineers implement the technical changes needed, so you don't have to find someone else to do the work.

Everything included

Licensing, registration, testing, remediation, examination — it's all in one price. No surprise invoices for the certification body fee or "additional technical work".

First-time pass focus

We run our own internal testing before the official exam. We find and fix issues in advance so there are no nasty surprises on assessment day.

Plain English, no jargon

We explain everything clearly. You'll understand what each control means, why it matters, and what we're doing about it — without needing a cyber security degree.

Dedicated account manager

One named contact who knows your business and manages the entire process. No ticket queues, no call centres — just a person who picks up the phone.

Fast turnaround

Need Cyber Essentials certification urgently for a government contract deadline? We prioritise your project and work efficiently to get you certified as quickly as possible without cutting corners.

Genuine security improvement

We don't just tick boxes. The work we do during certification genuinely improves your cyber security — protecting your business against the threats that matter most.

Ongoing managed IT available

Already a Cloudswitched IT support client? Even better — we already know your setup. Not yet? We can provide Cyber Essentials IT support and manage your IT and certification together for maximum efficiency.

Annual renewal support

Certification is valid for 12 months. We make renewal simple — tracking your expiry, preparing your systems and managing the re-certification process each year.

Certification Levels

Two levels of certification to match your requirements. Both cover the same 5 core controls — the difference is how they're verified.

Cyber Essentials

Self-assessment certification for most businesses

Basic Level

Self-assessment questionnaire
Covers all 5 core controls
Verified by certification body
Meets most government contract requirements
Valid for 12 months
Includes cyber liability insurance
No hands-on technical testing
No vulnerability scanning

Get Certified

Recommended

Cyber Essentials Plus

Hands-on audit for higher assurance

Advanced Level

Everything in Cyber Essentials Basic
Hands-on technical audit by assessor
External vulnerability scanning
Internal configuration testing
Email phishing protection and simulation testing
Required for sensitive government contracts
Higher supply chain assurance
Includes cyber liability insurance

Get Certified Plus

Cyber Essentials Certification, Compliance & Cost

Government contract requirements, penetration testing, GDPR compliance and transparent pricing for UK businesses.

Pricing

Cyber Essentials Cost & Pricing

The Cyber Essentials cost starts from £320+VAT for the basic Cyber Essentials self-assessment, with Cyber Essentials Plus typically costing around £1,400+VAT for SMEs depending on the Cyber Essentials scope and environment complexity. Our fully managed pricing covers everything in one package — the IASME certification licence, vulnerability scanning, remediation support and the examination itself. No hidden costs, no unexpected extras. We handle the entire Cyber Essentials assessment so you get certified first time.

Compliance

Government Contract Requirements & GDPR Compliance

Since October 2014, government contract Cyber Essentials certification has been mandatory for UK public sector suppliers handling certain types of sensitive and personal information. Many private sector organisations now require it from their supply chain too. Meeting these Cyber Essentials requirements also supports your GDPR compliance obligations by demonstrating that your business has implemented fundamental security controls — including data encryption — to protect personal data. For businesses bidding on public sector contracts, certification is not optional — it's a prerequisite.

Security

Penetration Testing & Cyber Security for Small Business

Cyber Essentials Plus includes a hands-on penetration testing element where a qualified assessor actively tests your systems for vulnerabilities. This goes beyond the Cyber Essentials self-assessment and provides genuine assurance that your defences work in practice. Our Cyber Essentials for small business approach makes the process accessible and affordable for any SME — we guide you through every step as a trusted Cyber Essentials consultant UK businesses rely on, fix any issues we find, and ensure your business passes the assessment without disruption.

Frequently Asked Questions

Common questions about Cyber Essentials certification, costs and requirements. If you need more detail, get in touch — we're happy to help.

How much does Cyber Essentials cost for a UK business?

The Cyber Essentials cost starts from around £320+VAT for the basic self-assessment level. Cyber Essentials Plus typically costs around £1,400+VAT for SMEs, depending on the size and complexity of your environment. Our fully managed service includes everything in one price — IASME certification body fees, licensing, vulnerability scanning, remediation and the examination itself. No hidden extras.

What are the Cyber Essentials Plus requirements?

Cyber Essentials Plus requirements build on the basic level. You must first pass the Cyber Essentials self-assessment questionnaire, then an accredited assessor conducts a hands-on technical audit of your systems. They verify all five security controls — firewalls, secure configuration, user access control, malware protection and patch management — actually work in practice through vulnerability scanning and configuration testing.

What is the difference between the Cyber Essentials self-assessment and Plus?

The Cyber Essentials self-assessment is a questionnaire where you declare how your organisation meets the five security controls — it is then reviewed by a certification body. Cyber Essentials Plus adds an independent, hands-on technical audit where an accredited assessor tests your systems directly to verify your defences work. Plus is significantly more credible and is increasingly required for government contracts and supply chain compliance.

Is Cyber Essentials worth it for a small business?

Absolutely. Cyber Essentials for small business is one of the most cost-effective ways to protect against common cyber attacks — the government estimates it prevents around 80% of breaches. Beyond security, it opens doors to government contracts, satisfies supply chain requirements, can reduce cyber insurance premiums, and demonstrates credibility to customers. For SMEs, the return on investment is significant.

Do I need Cyber Essentials for government contracts?

Yes — since October 2014, Cyber Essentials certification has been mandatory for UK government contracts that involve handling sensitive or personal information. Many public sector organisations now require Cyber Essentials Plus specifically, particularly for IT services and data processing contracts. Without certification, you simply cannot bid on these tenders. Private sector organisations are increasingly requiring it from suppliers too.

How does the Cyber Essentials scope and audit process work?

The Cyber Essentials scope covers all user devices, servers, firewalls, routers and cloud services connected to the internet or handling business data. The Cyber Essentials audit process begins with defining this scope, then assessing your setup against the five controls. For Plus, an accredited assessor conducts hands-on testing — external vulnerability scans, internal configuration checks and malware protection verification. We handle the full process end to end.

How long does Cyber Essentials preparation take?

Cyber Essentials preparation time depends on your starting point. If your IT is already well-managed, we can typically complete the full process — gap analysis, remediation, testing and examination — within two to four weeks. If significant changes are needed, it may take six to eight weeks. We give you a realistic timeline after the initial assessment so there are no surprises.

How does Cyber Essentials renewal work and what is IASME certification?

Cyber Essentials certification is valid for 12 months and requires annual Cyber Essentials renewal. IASME is the sole certification body appointed by the National Cyber Security Centre to deliver the Cyber Essentials scheme — all certificates are issued through IASME-accredited assessors. For renewal, you repeat the assessment process to confirm your controls still meet the standard. We manage the entire renewal — tracking your expiry, re-assessing your environment and coordinating with the certification body.

Cyber Essentials for Government Contracts

Cyber Essentials Plus is relevant to businesses of all sizes. Here are the most common reasons organisations pursue certification.

Government Contracts

Government contract Cyber Essentials Plus is mandatory for many UK public sector tenders — especially those involving sensitive data or IT services. Without it, you can't bid.

Supply Chain Requirements

Large enterprises increasingly require their suppliers to hold Cyber Essentials Plus. It proves you meet a baseline security standard and reduces supply chain risk for everyone.

Cyber Insurance

Many cyber insurance providers offer reduced premiums or require Cyber Essentials Plus as a condition of cover. Certification can directly lower your insurance costs.

Customer Confidence

Displaying the Cyber Essentials Plus badge shows your customers and prospects that you take data protection seriously. It's a competitive differentiator — especially in professional services, finance and healthcare.

Genuine Protection

Beyond the badge, the five Cyber Essentials security controls answer the question every business owner asks: how to protect my business from cyber attacks. 80% of breaches could be prevented by implementing these basics properly — which is why Cyber Essentials for SME organisations is such a valuable investment.