Get Cyber Essentials certified, without the headache.

Cyber Essentials is the UK government backed certification that proves your organisation has the essential technical controls in place. Get certified through All-Secure: we scope it and give you a same-day fixed quote, our trusted, accredited certification partner leads you through the assessment itself, and if anything needs fixing our penetration testers help you fix it.

Cyber Essentials

The baseline tier. You answer a question set covering the five core controls and an assessor verifies your answers. Fast, affordable and the certification most contracts ask for first.

  • Verified self-assessment
  • The five core controls
  • Certified in days
  • Cyber insurance included for eligible orgs

Cyber Essentials Plus

The audited tier. The same five controls, verified by a hands-on technical audit of a sample of your systems, carried out within three months of the basic certificate.

  • Everything in Cyber Essentials
  • Hands-on technical audit
  • Higher assurance for contracts
  • Named in many tenders

Which tier do you need?

Both tiers certify the same five controls: firewalls, secure configuration, access control, malware protection and security update management. The difference is assurance. Cyber Essentials verifies what you declare; Cyber Essentials Plus independently tests that it is true.

Not sure which one your contract asks for? Send it over and we will tell you straight.

Verified self-assessment

Cyber Essentials

Your answers to the question set, reviewed by an assessor. Days to certify, and the entry requirement for many contracts and supply chains.

Independently audited

Cyber Essentials Plus

A technical audit of a sample of your systems proves the controls work in practice. Required where customers want proof rather than a signed declaration.

What the certificate actually gets you.

The five controls stop the vast majority of common, internet-based attacks. The certificate proves it to the people who ask.

Win contracts

Many central government contracts involving personal or sensitive data require Cyber Essentials, and Ministry of Defence suppliers must hold it. Some tenders specify Plus.

Satisfy insurers and supply chains

Insurers and enterprise procurement teams increasingly expect it, and eligible smaller organisations get cyber insurance included with certification.

Prove the baseline

Firewalls, secure configuration, access control, malware protection and security updates: the essentials, checked and certified rather than assumed.

From scoping call to certificate.

One scoping call with us, then a clear path to the certificate. You always know what happens next.

  1. 01

    Scoping call

    Tell us your size, your systems and which tier you need. We come back with a fixed price for the whole thing, quoted the same day.

  2. 02

    Introduction

    We introduce you to our trusted certification partner, an accredited IASME-licensed certification body, and stay in the loop throughout.

  3. 03

    Assessment

    The partner leads you through the self-assessment question set, so you always know what a compliant answer looks like.

  4. 04

    Certification

    Your answers are verified and the certificate is issued. For Plus, the hands-on technical audit happens within three months of the basic certificate.

  5. 05

    Fix anything flagged

    If the assessment surfaces a gap, an All-Secure penetration tester is on hand to help you close it quickly and properly.

  6. 06

    Annual renewal

    Certification lasts twelve months. We prompt you when renewal is due and arrange the reassessment, so the certificate stays current year after year.

One supplier for testing and certification.

Certification is delivered by our trusted partner, an accredited, IASME-licensed certification body, who leads you through the assessment and issues the certificate. All-Secure handles the quote, the introduction and anything security related that comes out of it.

The difference is what sits behind it. We break into systems for a living, so if the assessment flags a gap, you are not left holding a checklist: a penetration tester helps you close it properly. And when you are ready to go beyond the baseline, the same team already knows your environment.

  • Same-day fixed quote for either tier
  • Assessment led by an accredited certification body
  • Penetration testers on hand for anything flagged
  • Renewal prompted and arranged every year

Cyber Essentials, answered.

Straight answers to what organisations ask most about getting certified.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a verified self-assessment: you answer a question set covering the five technical controls and an assessor reviews your answers. Cyber Essentials Plus covers the same controls but adds a hands-on technical audit, where an assessor tests a sample of your systems to verify the controls are genuinely in place. Plus carries more weight with customers and is named in some contracts, and the audit must be completed within three months of the basic certification.

How much does Cyber Essentials certification cost?

The assessment fee for basic Cyber Essentials is set by the scheme and varies with the size of your organisation. Cyber Essentials Plus depends on how many systems need to be sampled in the audit. Tell us your size and scope and we will give you one fixed price the same day, with no hidden extras.

How long does it take to get certified?

Basic Cyber Essentials can be turned around in days once your answers are ready, as the self-assessment is usually reviewed within a few working days of submission. Cyber Essentials Plus typically takes a few weeks end to end, and the audit must happen within three months of the basic certificate being issued.

Do I need a penetration test to get Cyber Essentials?

No. Cyber Essentials Plus includes an audited technical verification, but that is not a penetration test and the scheme does not require one. A penetration test goes much deeper: it shows what a real attacker could actually do, rather than checking baseline controls. Many organisations do both, and as penetration testers we can quote for either, or both together, in one conversation.

Who actually certifies us?

Our trusted certification partner, an accredited IASME-licensed certification body, leads you through the assessment and issues your certificate. All-Secure scopes the work, gives you a same-day fixed quote and makes the introduction, with penetration testers on hand if the assessment flags anything that needs fixing.

Do we need Cyber Essentials for government or MoD contracts?

Very often, yes. Many central government contracts that involve handling personal or sensitive information require Cyber Essentials, and Ministry of Defence suppliers are required to hold it. Some contracts specify Cyber Essentials Plus, so check the wording, or send it to us and we will tell you which tier you need.

How long does the certificate last?

Twelve months. Certification is renewed annually against the current question set, which evolves as the scheme is updated. We prompt you when renewal is due and arrange the reassessment through our certification partner, so the certificate never quietly lapses.

Ready to get certified?

Tell us your size and which tier you need. We will come back the same day with one fixed price, with no sales theatre.

Get a same-day quote