
Cyber Essentials Plus Certification for UK Businesses
The Audited version of Cyber Essentials (For the business that wishes to prove it!)
The technical work required of the assessor makes CE+ more expensive for the organisation, which itself has little more to do: the assessor checks the organisation's systems against its questionnaire answers.
The CE+ process runs NCSC-authorised software tools on the organisation's network and compares the results with the questionnaire.
Such tools physically verify that the security controls declared are actually implemented and working effectively across the organisation’s systems and devices.
Organisations must already hold a valid Cyber Essentials certificate issued less than 90 days before the CE+ is issued. Otherwise, CE will have to be repeated before CE+ assessment.
Key Points

Enhanced Assurance: Includes independent testing of systems to verify that security controls are applied correctly.
Starts From Cyber Essentials: You must have passed Cyber Essentials within the last 3 months before applying.
Technical Audit Required: A trained assessor uses approved vulnerability testing tools to validate your security.
Certification Body Involvement: CE+ requires closer engagement with a certification body throughout the process.
Stronger Trust Signal: Demonstrates to clients and partners that security measures are not only in place, but proven effective in practice.
The Process
- Achieve Cyber Essentials.
- As quickly as possible afterwards, engage with a Certification Body authorised to conduct CE+, working directly with an approved assessor (Regola use authorised specialist partners).
- Assist as required with the Technical Security Audit. Approved vulnerability testing tools are used to assess your systems and confirm controls are active and effective.
- Review & Feedback: Any issues found are discussed, and organisations may receive guidance to address them.
- Issues, compared with CE responses, are addressed.
- Certification Awarded.
