What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a verified self-assessment: you answer a question set covering the five technical controls and an assessor reviews your answers. Cyber Essentials Plus covers the same controls but adds a hands-on technical audit, where an assessor tests a sample of your systems to verify the controls are genuinely in place. Plus carries more weight with customers and is named in some contracts, and the audit must be completed within three months of the basic certification.
How much does Cyber Essentials certification cost?
The assessment fee for basic Cyber Essentials is set by the scheme and varies with the size of your organisation. Cyber Essentials Plus depends on how many systems need to be sampled in the audit. Tell us your size and scope and we will give you one fixed price the same day, with no hidden extras.
How long does it take to get certified?
Basic Cyber Essentials can be turned around in days once your answers are ready, as the self-assessment is usually reviewed within a few working days of submission. Cyber Essentials Plus typically takes a few weeks end to end, and the audit must happen within three months of the basic certificate being issued.
Do I need a penetration test to get Cyber Essentials?
No. Cyber Essentials Plus includes an audited technical verification, but that is not a penetration test and the scheme does not require one. A penetration test goes much deeper: it shows what a real attacker could actually do, rather than checking baseline controls. Many organisations do both, and as penetration testers we can quote for either, or both together, in one conversation.
Who actually certifies us?
Our trusted certification partner, an accredited IASME-licensed certification body, leads you through the assessment and issues your certificate. All-Secure scopes the work, gives you a same-day fixed quote and makes the introduction, with penetration testers on hand if the assessment flags anything that needs fixing.
Do we need Cyber Essentials for government or MoD contracts?
Very often, yes. Many central government contracts that involve handling personal or sensitive information require Cyber Essentials, and Ministry of Defence suppliers are required to hold it. Some contracts specify Cyber Essentials Plus, so check the wording, or send it to us and we will tell you which tier you need.
How long does the certificate last?
Twelve months. Certification is renewed annually against the current question set, which evolves as the scheme is updated. We prompt you when renewal is due and arrange the reassessment through our certification partner, so the certificate never quietly lapses.