Skip to content
  • There are no suggestions because the search field is empty.

Cyber Essentials (CE) Overview 

What is it, how do you obtain it, and what to do next?

Cyber Essentials, also referred to as CE, is a UK government-backed certification that helps protect your organisation against common cyber threats. There are two levels of certification: 

  • Cyber Essentials (basic level) 
  • Cyber Essentials Plus (includes hands-on technical verification) 

Understand the Requirements

Start by familiarising yourself with what Cyber Essentials covers. The key areas are: 

  1. Firewalls - Ensuring only safe and necessary traffic gets in and out of your network.
  2. Secure Configuration - Devices and software should be set up in a secure way.
  3. User Access Control - Only the right people should have access to systems and data.
  4. Malware Protection - You should have up-to-date protection against viruses and other threats.
  5. Security Update Management - All devices and software must be kept up to date.
  6. Multi Factor Authentication – Any cloud services used by your organisation should have MFA enabled where possible.


Apply for Cyber Essentials (Self-Assessment)

You'll fill out an online questionnaire about your IT setup and security controls. You must declare that everything meets the required standard. An external assessor will review your answers. 

It's okay to ask your IT provider or team for help filling this out. 


Receive Your Certification (Cyber Essentials)

If your answers meet the standard, you'll be awarded the Cyber Essentials certificate, typically valid for one year. 

You can now display the Cyber Essentials badge on your website or documents. 


Go One Step Further: Cyber Essentials Plus (CE+)


This includes a technical audit by a certified assessor. They will: 

  • Test a sample of your systems for vulnerabilities-  
  • Check patching, firewall settings, antivirus, and user account control 
  • Run scans and validate your responses from the self-assessment 

This level gives greater assurance and is often required for working with government contracts or regulated industries. 


Maintain Your Certification

Cyber threats evolve, so the certification must be renewed annually. 

  • Make Cyber Essentials part of your regular IT and security processes. 
  • Stay on top of updates, access reviews, and training for staff. 

 

-- disclaimer – This is a base overview of the cyber essentials/ce process a whole, this information is correct as of June 2025, over time the guidelines may change. For more information please contact your account manager/ IT team, or visit the IASME website. --disclaimer--