Cyber Essentials Plus

End-to-End Certification, Handled For You

Full Certification

We handle every step of your Cyber Essentials Plus certification — from initial assessment through to successful examination and certification.

Complete Protection

Our service includes all licensing, technical testing, vulnerability scanning and remediation — everything you need under one roof.

Guaranteed Support

We guide you through every requirement, fix any issues we find, and ensure you're fully prepared before examination day. No surprises.

End-to-End Service

Key Controls Covered

Years IT Security Experience

Hidden Costs or Extras

Cyber Essentials Plus is the UK government-backed certification that proves your business takes cyber security seriously. More and more organisations now require it before they'll work with you.

We provide a fully managed, end-to-end Cyber Essentials Plus certification service. That means everything — the initial assessment, preparation, licensing, technical vulnerability testing, remediation of any issues, and the final examination — is handled by our team. You get certified without the headache.

Our end-to-end service

Everything you need to achieve Cyber Essentials Plus certification — from the first conversation to the certificate on your wall.

Gap Assessment

We review your current IT setup against all five Cyber Essentials technical controls — firewalls, secure configuration, access control, malware protection and patch management — and identify exactly what needs to change.

Preparation & Remediation

We don't just tell you what's wrong — we fix it. Our engineers implement the technical changes needed to bring your systems into compliance, from firewall rules to patching policies and user access controls.

Licensing & Registration

We handle all the certification body registration and licensing fees as part of our service. No separate invoices, no hidden admin costs — it's all included in a single, transparent price.

Vulnerability Testing

Cyber Essentials Plus requires hands-on technical verification. We conduct the internal and external vulnerability scans, test your configurations and verify that your defences work as they should — before the assessor does.

Examination & Certification

We coordinate the official Cyber Essentials Plus examination with an accredited certification body. We're with you every step — answering questions, providing evidence and ensuring a smooth pass on the first attempt.

Ongoing Support

Certification is annual. We help you maintain compliance year-round with ongoing monitoring, policy reviews and renewal support — so you never fall out of certification.

Our approach to certification

No Jargon, No Stress

We know that cyber security certifications can feel overwhelming — especially if you don't have an in-house IT security team. That's why we handle everything in plain English, with clear communication at every stage. You'll always know exactly where you stand.

Fix It, Don't Just Flag It

Unlike consultancies that hand you a report and wish you luck, we actually do the technical work. When we find gaps in your setup, our engineers implement the fixes directly — firewalls, patching, access controls, the lot.

First-Time Pass

We conduct our own internal testing before the official examination, so we catch and resolve any issues in advance. Our goal is a clean pass on the first attempt — no re-sits, no delays, no extra costs.

Ready to get Cyber Essentials Plus certified?

Get started

How it works

A straightforward four-stage process that takes you from wherever you are now to fully certified.

Assess & Scope

We audit your current IT environment against all five Cyber Essentials technical controls. We identify every gap, document what needs to change, and give you a clear picture of where you stand today.

Prepare & Remediate

Our engineers implement the required technical changes — firewall configuration, patching, user access policies, malware protection and secure configuration. We do the work, not just the advice.

Test & Verify

We run internal vulnerability scans and technical tests to verify everything passes. This pre-examination dry run means we catch and fix any remaining issues before the official assessment.

Certify & Maintain

We coordinate the official Cyber Essentials Plus examination, support you through the process, and help you achieve certification. Then we help you stay certified year after year.

Businesses turn to us when

They need Cyber Essentials Plus to win or retain a contract — especially with government or public sector clients

They've tried to self-certify but failed the technical assessment or found the process too complex

They don't have the in-house expertise or time to prepare for certification themselves

Their clients, insurers or supply chain partners are asking for proof of cyber security standards

They want to improve their overall security posture — not just get a badge, but actually be better protected

They're unsure whether their current IT setup meets the five technical controls and need expert guidance

They want a single provider to handle everything — assessment, fixes, licensing, testing and the exam itself

Their current certification is due for renewal and they want a smoother process this time around

They want to demonstrate trust and credibility to customers by holding a recognised government-backed standard

What is Cyber Essentials Plus?

Cyber Essentials is a UK government-backed scheme designed to help organisations protect themselves against the most common cyber attacks. It covers five key technical controls: firewalls, secure configuration, user access control, malware protection and patch management.

Cyber Essentials Plus goes a step further than the basic Cyber Essentials certification. While the standard level is a self-assessment questionnaire, Plus requires an independent, hands-on technical audit of your systems. An accredited assessor verifies that your defences actually work — not just that you say they do.

This makes Cyber Essentials Plus significantly more credible. It's increasingly required for government contracts, supply chain compliance and cyber insurance. Many private sector organisations also now ask suppliers for it as a minimum security standard.

The certification is valid for 12 months and needs annual renewal. With our managed service, we make both the initial certification and ongoing renewals straightforward.

Cyber Essentials Plus certification planning

The five technical controls we cover

Every Cyber Essentials Plus control independently tested, verified and documented — plus ongoing compliance management to keep you certified.

Firewalls & Internet Gateways

We configure and verify that your boundary firewalls and internet gateways are properly secured — blocking unauthorised inbound traffic, restricting outbound connections and ensuring default passwords are changed. For Plus, we test that configurations actually work in practice, verifying rules, checking open ports and filtering.

Secure Configuration

We review and harden the configuration of your computers, servers, mobile devices, routers and cloud services — removing default accounts, disabling auto-run features and ensuring only necessary software is installed. We verify configurations by testing a representative sample during the Plus assessment.

User Access Control

We review access control policies and implement proper practices — unique user accounts, strong password policies, multi-factor authentication and the principle of least privilege. We verify that admin accounts aren't used for day-to-day tasks and unused accounts are disabled across all in-scope devices.

Malware Protection

We ensure anti-malware software is installed, running, up to date and properly configured on all in-scope devices with real-time scanning active and current definitions. For the Plus assessment, we test that malware protection actually works — including verifying that known test samples are detected and blocked.

Patch Management & Software Updates

We verify that all operating systems, applications, plugins and firmware are patched within 14 days of security updates being released. We check automatic updates are enabled, unsupported or end-of-life software is removed, and your patching process is documented and followed consistently.

Ongoing Compliance & Annual Renewal

Cyber Essentials Plus certification is valid for 12 months. We manage the entire renewal process — pre-assessment audits, remediation of any new gaps, documentation updates and coordination with the certification body. Continuous compliance monitoring ensures you're always assessment-ready, not scrambling at renewal time.

Why Cloudswitched for Cyber Essentials Plus?

We're an IT company that lives and breathes this stuff every day — not a compliance consultancy reading from a checklist.

IT company, not just consultants

We don't just assess and advise — we actually fix things. Our engineers implement the technical changes needed, so you don't have to find someone else to do the work.

Everything included

Licensing, registration, testing, remediation, examination — it's all in one price. No surprise invoices for the certification body fee or "additional technical work".

First-time pass focus

We run our own internal testing before the official exam. We find and fix issues in advance so there are no nasty surprises on assessment day.

Plain English, no jargon

We explain everything clearly. You'll understand what each control means, why it matters, and what we're doing about it — without needing a cyber security degree.

Dedicated account manager

One named contact who knows your business and manages the entire process. No ticket queues, no call centres — just a person who picks up the phone.

Fast turnaround

Need certification urgently for a contract deadline? We prioritise your project and work efficiently to get you certified as quickly as possible without cutting corners.

Genuine security improvement

We don't just tick boxes. The work we do during certification genuinely improves your cyber security — protecting your business against the threats that matter most.

Ongoing managed IT available

Already a Cloudswitched IT support client? Even better — we already know your setup. Not yet? We can manage your IT and certification together for maximum efficiency.

Annual renewal support

Certification is valid for 12 months. We make renewal simple — tracking your expiry, preparing your systems and managing the re-certification process each year.

Frequently Asked Questions

Common questions about Cyber Essentials Plus certification. If you need more detail, get in touch — we're happy to help.

What's the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessment questionnaire — you answer questions about your security controls. Cyber Essentials Plus adds an independent, hands-on technical audit where an assessor verifies that your controls actually work. Plus is more rigorous, more credible, and increasingly the standard that organisations require.

How long does the certification process take?

It depends on your starting point. If your IT is already well-managed, we can typically complete the process within a few weeks. If significant remediation is needed, it may take longer — but we'll give you a realistic timeline upfront after the initial assessment.

Do I need Cyber Essentials before getting Plus?

Yes — Cyber Essentials Plus builds on the basic Cyber Essentials certification. You need to pass the self-assessment questionnaire first, then the Plus technical audit follows. Don't worry — we handle both as part of our service.

Is there a separate cost for the certification body?

No. Our service includes everything — the IASME or CREST certification body fees, licensing, testing, remediation and examination. One price, fully inclusive. No hidden extras.

What systems are in scope for the assessment?

Generally, all user devices (laptops, desktops, phones, tablets), servers, firewalls, routers and cloud services that are connected to the internet or handle business data. We help you define the scope clearly during the initial assessment — and can advise on how to structure it sensibly.

What happens if we fail the assessment?

With our service, this is extremely unlikely — because we test everything ourselves before the official examination. In the rare event that an issue is found during the exam, we work with the assessor to resolve it quickly. Our aim is always a first-time pass.

Who needs Cyber Essentials Plus?

Cyber Essentials Plus is relevant to businesses of all sizes. Here are the most common reasons organisations pursue certification.

Government Contracts

Cyber Essentials Plus is mandatory for many UK government and public sector contracts — especially those involving sensitive data or IT services. Without it, you can't bid.

Supply Chain Requirements

Large enterprises increasingly require their suppliers to hold Cyber Essentials Plus. It proves you meet a baseline security standard and reduces supply chain risk for everyone.

Cyber Insurance

Many cyber insurance providers offer reduced premiums or require Cyber Essentials Plus as a condition of cover. Certification can directly lower your insurance costs.

Customer Confidence

Displaying the Cyber Essentials Plus badge shows your customers and prospects that you take data protection seriously. It's a competitive differentiator — especially in professional services, finance and healthcare.

Genuine Protection

Beyond the badge, the five technical controls genuinely protect your business against the most common cyber attacks. 80% of breaches could be prevented by implementing these basics properly.