Skip to content
  • There are no suggestions because the search field is empty.

Cyber Essentials Plus (CE+) Overview

This guide provides a broad overview of Cyber Essentials Plus (CE+). What it is and what it involves.

What is Cyber Essentials Plus?

Cyber Essentials Plus, also referred to as CE+, is a government-backed certification that helps your organisation prove it has strong, basic protections against common online threats like viruses, hacking, and phishing. 

It's part of the UK's Cyber Essentials scheme, but with a higher level of assurance. 

What's the Difference Between Cyber Essentials and CE+?

Cyber Essentials is a self-assessment where you confirm your organisation follows good cyber security practices. 

Cyber Essentials Plus includes everything in Cyber Essentials, plus a hands-on technical check by a qualified assessor. 

Think of it like this: 

- Cyber Essentials is saying 'we lock our doors at night.' 

- Cyber Essentials Plus is proving it by letting someone check that the doors are actually locked and working. 

What Does CE+ Involve? 

  1. Self-Assessment Review – To start CE+, you must first complete the Cyber Essentials questionnaire.
  2. Vulnerability Scan - A digital health check for weaknesses on your computers and external interfaces, a range of IASME approved scanners can be used for CE+. If you do not already have one to hand, Qualys is provided for the audit.
  3. Fixing Issues - If problems are found in your vulnerability scans, you can fix them and still pass.
  4. Remote Audit - A certified expert checks your systems in real time: 
  • Are updates and antivirus in place? 
  • Are firewalls and user permissions set correctly? 
  • Are MFA controls in place 

 

Who is CE+ For? 

 

Cyber Essentials Plus is ideal for: 

  • Businesses working with the government 
  • Companies handling sensitive data 
  • Organisations that want to build client trust 
  • Anyone who wants to take cyber security seriously 

 

Why Should You Care? 

  • It protects your business from common attacks 
  • It proves to clients and partners that you take security seriously 
  • It may be required for certain contracts 
  • It gives peace of mind to your team and customers 

 

How Long Does It Last? 

Cyber Essentials Plus is valid for one year. After that, you need to renew to stay certified.