Cyber Essentials Certification in Devon & the South West
Get Cyber Essentials certified with a licensed Certification Body based in Torquay.
Regola helps businesses across Devon, the South West and the wider UK prepare for assessment, complete the questionnaire correctly, respond to feedback clearly, and achieve certification with less friction.
✓ Government-backed scheme
✓ From £320+VAT
✓ Devon-based Certification Body
✓ Included Cyber Insurance if eligible
What is Cyber Essentials?
Cyber Essentials is a UK government-backed certification scheme that helps organisations defend against common cyber threats through five core technical controls. It gives businesses a recognised baseline of cyber security and a clear way to show customers, partners, and procurement teams that essential protections are in place.
The scheme is owned by the National Cyber Security Centre (NCSC) and delivered through IASME, who license Certification Bodies like Regola to assess applications and award certification. As South Devon's first licensed Cyber Essentials Certification Body, we've supported nearly 100 organisations across the South West and the UK through the process.
Why Businesses Choose Cyber Essentials
Cyber Essentials is more than a certification badge. It is a practical way to strengthen your baseline cyber security, reduce common risks, and show clients, suppliers, and procurement teams that your organisation takes cyber security seriously.
Build Trust with Clients
Demonstrate a recognised baseline of cyber security to customers, partners and procurement teams. Cyber Essentials helps show that essential protections are in place across your organisation.
Support Tenders and Supplier Approval
Many organisations ask for Cyber Essentials when awarding contracts or onboarding suppliers. Certification can help you meet procurement requirements and move through supplier checks with more confidence.
Improve Cyber Defences
Cyber Essentials focuses on practical technical controls that help reduce exposure to common online threats. It gives your business a clearer foundation for managing day-to-day cyber risk.
Access Insurance Eligibility
Eligible UK organisations may receive included cyber liability insurance when certification covers the whole organisation. This adds extra reassurance alongside the certification itself.
The Five Cyber Essentials Technical Controls
Cyber Essentials certification is built around five core technical controls. Together, these protect against around 80% of the most common cyber attacks. Your assessment will cover how your business meets each one.
Firewalls: Every device used for business should sit behind a properly configured firewall, whether that's a boundary firewall on your network or a software firewall on individual devices. The aim is to control what traffic is allowed in and out and to block anything that hasn't been explicitly permitted.
Secure Configuration: Devices and software should be set up with security in mind from the start. That means removing default accounts, changing default passwords, disabling unused services, and only running what's actually needed for the business.
User Access Controls: People should only have access to the systems and data they need to do their job. Administrator accounts should be used sparingly and protected with strong authentication, and access should be reviewed when someone changes role or leaves.
Malware Protection: Every device should have an active and up to date defence against malware. That usually means anti-malware software, but it can also include application allow lists or sandboxing, depending on the device and how it's used.
Security Update Management: Software and operating systems need to be kept up to date. Critical and high-severity security updates should be applied within 14 days of release, and any software that's no longer supported by the vendor must be removed or properly isolated.
Cyber Essentials Requirements at a Glance
The full requirements are published by IASME and apply to all the devices, software, and accounts in scope of your assessment. The most common areas businesses need to check include:
-
All in-scope devices supported by the vendor and receiving security updates
-
Multi-factor authentication on cloud services such as Microsoft 365 or Google Workspace
-
Strong password policies, including protections against brute-force attacks
-
A clear inventory of company and personal devices used for business
-
Working anti-malware on every in-scope device
-
Properly configured firewalls on networks and devices
-
A documented process for adding, changing, and removing user access
-
If you're not sure how your business measures up, Regola can run a gap analysis and walk you through what needs to be in place before you submit for assessment.
Why Choose Regola?
We do more than just review a questionnaire. We help you understand the requirements, prepare stronger submissions, and respond to feedback clearly so you can move through certification with less delay and less guesswork.
As a Devon-based Certification Body, we work face to face with businesses across Torquay, Exeter, Plymouth, and the wider South West, as well as remotely with clients throughout the UK. We've assessed nearly 100 organisations and know exactly where applications tend to trip up.
How Cyber Essentials Certification Works
1. Find out what is needed, to be ready for assessment Regola can help with a gap analysis and use of the IASME analysis tool to support pre-assessment preparation.
2. Purchase the assessment Cyber Essentials assessment is available from IASME or an accredited Certification Body like Regola. You'll then get access to the IASME portal and the online assessment questions.
3. Complete the online questionnaire Answer questions about devices, software, and security measures used in the business. Don't submit answers for assessment until the questions are fully understood.
4. Assessment and support The Certification Body reviews responses, and the marker explains clearly why an answer is incorrect if any need attention.
5. Feedback and corrections If the organisation does not pass on the first attempt, the marker provides detailed feedback. You engage with that feedback, interact further with the marker if needed, make the corrections, and resubmit.
6. Certification and Cyber Liability Insurance Once successful, certification is granted for one year along with included cyber liability insurance (for eligible UK organisations). Your badge can be checked online through IASME's lookup, which is useful for securing supply chains.
Frequently Asked Questions
How much does Cyber Essentials cost?
Cyber Essentials starts from £320+VAT for micro organisations, with pricing increasing for larger businesses based on the IASME tier structure. Regola can give you a clear quote once we understand the size and scope of your business.
How long does Cyber Essentials certification take?
For a well-prepared business, the questionnaire itself can be completed in a few days, with assessment typically returned within a few working days of submission. If corrections are needed, total time depends on how quickly the business can address feedback. Most clients are certified within two to four weeks of starting.
Is Cyber Essentials worth it for small businesses?
Yes. Cyber Essentials was specifically designed to be accessible to small and medium-sized businesses. It covers the protections most attacks rely on getting past, and for many SMEs it's also a requirement for public sector tenders, supplier onboarding, or cyber insurance.
What's the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment, reviewed and certified by a licensed Certification Body. Cyber Essentials Plus adds a hands-on technical audit of your systems using NCSC-approved tools, verifying that the controls you've declared are actually in place. CE+ is required for some contracts and gives stronger assurance.
Do I need to be in Devon to work with Regola?
No. We're based in Torquay and work with businesses across Devon and the South West face to face, but we also support clients across the UK remotely. The IASME portal and assessment process work the same way wherever you're based.
How long does Cyber Essentials certification last?
Certification is valid for 12 months. After that you'll need to renew to stay listed in the IASME directory, keep your blockmark badge active, and maintain your cyber liability insurance cover.
What happens if we fail the assessment?
If your assessment is referred back, you will receive comprehensive feedback and access to help from a real person. You then have a 48-hour period to make corrections and pass at no additional charge. If you do not implement the necessary changes fairly promptly, you will fail Cyber Essentials and be required to purchase a new assessment.