Cyber Essentials is the UK Government’s baseline standard for cybersecurity. This annually renewable certification scheme focuses on five technical controls designed to mitigate common internet-based cyber threats. Aristi has been involved with Cyber Essentials since the schemes inception, with our CTO, Rob Jervis being among one of the first Cyber Essentials assessors in the UK. Since 2014, we have helped countless organisations understand and certify to the standard.
Achieving Cyber Essentials certification shows that an organisation has implemented key cybersecurity measures. A team of experts periodically reviews the scheme to ensure it remains effective against the evolving threat landscape.
At the initial level, organisations conduct a self-assessment against five basic security controls, with a qualified Assessor verifying the provided information. After obtaining Cyber Essentials, organisations can apply for Cyber Essentials Plus, which involves a hands-on audit of their systems.
1. Demonstrate to customers that cybersecurity is a priority.
2. Stay ahead of emerging cybersecurity risks by annually assessing against a recognised standard.
3. Qualify for contracts that require Cyber Essentials certification to address supply chain security.
4. Organisations that certify their entire entity and have an annual turnover of less than £20 million receive automatic cyber liability insurance.
Cyber Essentials operates through a self-assessment questionnaire, where organisations answer questions about their scope, employees, devices, and work locations. The questions also cover the five core controls: user access control, secure configuration, security update management, firewalls and routers, and malware protection. A board member or equivalent must sign off on the answers, which are then reviewed by one of Aristi’s independent assessors.
Cyber Essentials Plus involves a review of your IT systems, with pricing based on the size and complexity of your network. The verified self-assessment questionnaire from Cyber Essentials is a prerequisite for this level. Though based on the same requirements, Cyber Essentials Plus includes a technical audit to verify the implementation of the controls, providing greater assurance of compliance. The audit covers a representative set of user devices, all internet gateways, and key servers.
Contact us and we will enable access to the online assessment platform. You’ll receive login details and will be able to review your application at your own convenience. A senior board member or equivalent must e-sign a document verifying the truthfulness of the answers, which will then be marked by a qualified Aristi Assessor.
If you need any support or guidance, our team will be here with you, every step of the way.
Upon passing, you’ll receive your certificate and be listed in the directory of certified organisations. Note that the certificate is valid for twelve months, requiring annual renewal to remain listed.
Got an enquiry? Please don't hesitate to contact us.