Cyber Essentials certification done right – first time, with expert guidance.

Cyber Essentials is a UK Government-backed cybersecurity certification scheme that demonstrates your organisation has implemented five key cybersecurity controls: firewalls, secure configuration, user access control, malware protection, and patch management. 

It’s an annual point-in-time self-assessment that offers protection against most common online threats and demonstrates to clients, partners, and regulators that you take information security seriously. Certification is a requirement for UK Government contracts and a growing number of industries and Commercial supply chains. 

With a 4.9-star genuine Trustpilot rating, Assure Technical is the most trusted Cyber Essentials Certification Body in the UK – providing cost-effective, pain-free packages.

The difference between Cyber Essentials and Cyber Essentials Plus is how security controls are verified. The certification is delivered in two stages, both assessing the same five technical control areas: firewalls, secure configuration, user access control, malware protection, and patch management.

• Cyber Essentials is the first stage. It is awarded when an organisation completes an online self-assessment questionnaire, which is reviewed by an accredited Cyber Essentials Certification Body to confirm the answers provided comply with the standard.
• Cyber Essentials Plus is the second stage. It builds on Cyber Essentials and includes an independent, hands-on technical audit by accredited assessors. This audit verifies that the declared security controls are working in practice through a series of prescribed technical checks, including vulnerability scanning, malware protection verification, and device configuration testing.

In simple terms, Cyber Essentials demonstrates that you have the controls in place, while Cyber Essentials Plus confirms they work in practice.

Once you have gained Cyber Essentials, you have a three-month window to achieve Cyber Essentials Plus. The Cyber Essentials scheme mandates this because the Cyber Essentials Plus audit is based on the answers provided in your Cyber Essentials self-assessment. If this timeframe is exceeded, you’ll need to renew your Cyber Essentials certificate before the Cyber Essentials Plus audit can take place.  

Assure Technical makes upgrading straightforward. Many clients choose our bundle option, achieving both certifications together for maximum efficiency, cost savings, and uninterrupted compliance.

Cyber Essentials scope is unique to every organisation and is determined at the start of the self-assessment process. Your scope should cover the systems, devices, and services relevant to how your organisation operates, and accurately reflect the environment being certified –  but does not automatically include all of your systems..

In practice, scope often includes:

• User devices used to access business systems, including laptops, desktops, and relevant mobile devices
• User and administrative accounts used to manage systems and services
• Network and security boundary components you control, such as firewalls and gateways
• Cloud and hosted services used to store, process, or access organisational data
• Servers or platforms that support day-to-day business operations

Some elements may legitimately sit out of scope, such as segregated guest networks or isolated legacy systems. However, separation must be genuine and exclusions understood and justified.

Getting this balance wrong can undermine assurance or make certification unnecessarily complex.  That’s why each of our Cyber Essentials packages includes expert guidance from our award-winning team throughout your journey to certification – so you can rest assured that there is help on hand to get your Cyber Essentials scoping right.

By opting for our popular Cyber Essentials Turnkey Solution, we take a fully consultative approach from the outset. An initial 1-hour video consultation with one of our experienced consultants enables us to gain a sound understanding of your organisation’s technical environment, operating model, and risk profile, helping guide scope decisions so they are accurate, proportionate, and defensible.

Pricing depends on your organisation’s size, infrastructure complexity, and how much support you require. If you decide to certify independently, prices range from £320+VAT to £600+VAT depending on your organisation’s size. This approach places responsibility on your internal team to understand the scheme requirements, assess your environment, and complete the questionnaire accurately, without expert support or pre-submission review.

At Assure Technical, our market-leading packages include pre-assessment reviews and guidance throughout the process to ensure you pass the first time with minimal fuss. Prices start from just £590 + VAT for our Supported Package and £1,190 + VAT for our Turnkey Solution. 

Our Supported Package suits organisations with sufficient in-house technical capability that want reassurance they are interpreting the scheme correctly. You complete the assessment internally, while we provide pragmatic guidance and a pre-submission review to reduce the risk of rework and support a first-time pass.

Our Turnkey Solution provides a fully managed route for organisations that want the fastest, lowest-effort path to certification. We take responsibility for scope, assessment preparation, and coordination, minimising disruption and giving confidence that the process is handled efficiently end-to-end.

The time required to achieve Cyber Essentials certification varies depending on your organisation’s size, technical readiness, and how quickly any required changes can be implemented..

For most organisations, certification is typically achieved within two to four weeks. Where systems are already close to meeting the requirements, it can be achieved even faster.

If you opt for our Supported Package, Assure Technical will match your pace. We carry out your pre-submission review and provide pragmatic guidance to help you align with the Cyber Essentials requirements within one working day of your initial self-assessment draft being submitted on the Cyber Essentials portal. 

Certificates are also issued within one working day when you have met all of the Cyber Essentials requirements, or scheduled to be issued on your renewal date.

For organisations prioritising speed and minimal internal effort, our Cyber Essentials Turnkey service provides the quickest route to certification. We take a consultative, end-to-end approach – guiding scope, identifying and resolving gaps early, and managing the process for you – which removes delays and avoids rework.

Once your Cyber Essentials self-assessment portal account has been created, you have up to six months to complete and submit your questionnaire. If the six-month period is exceeded, IASME, the UK Government’s delivery partner for the Cyber Essentials scheme, will automatically close your account. At that point, you will be required to pay the Certification fee again and, if not managed correctly, risk having to restart the process.

For this reason, it’s important to plan ahead and avoid unnecessary delays – particularly if certification is linked to a contract, tender, or renewal deadline.

With some Certification Bodies, a failed Cyber Essentials submission can result in additional costs, re-testing fees, or even the need to pay for certification again. Failing usually occurs when non-conformities are identified after submission or when requirements are misunderstood.

With Assure Technical, you won’t fail because your questionnaire will not be formally submitted until it meets the requirements of the Cyber Essentials standard. Any issues are identified and addressed before submission, removing the risk of failure, rework, or unexpected additional costs.

Where improvements are needed, our consultants provide clear, practical guidance so your team – or your managed service provider – understand exactly what changes are required and why.

Should you require, we can also provide competitively priced remediation support. With our Cyber Essentials Turnkey service, the certification process is fully managed. We review your environment, guide scope decisions, identify gaps early, and complete the self-assessment on your behalf.

As a result, organisations working with Assure Technical are supported through a process designed to achieve Cyber Essentials certification first time, without failed submissions or unnecessary rework.

Certification is valid for 12 months from the date of issue. Think of it as an annual cybersecurity M.O.T. – it’s a point-in-time assessment that ensures your organisation remains secure as both your systems, and the cyber threat landscape evolve.

Here at Assure Technical, we take the stress out of your annual recertification. One of our cybersecurity experts will proactively contact you around 3 months before your renewal date. They will take the time to understand your current requirements and ensure your renewal process runs smoothly around your other business priorities.

We preserve your Cyber Essentials renewal date (to the nearest working day), meaning you can minimise the stress of recertification by starting the process well in advance and still benefit from the full 12 month term of your current certification.

Yes – Cyber Essentials was designed by the UK Government to provide an achievable and affordable cybersecurity standard for all organisations, regardless of size or shape. Smaller organisations are frequent targets for opportunistic cyber attacks. By complying with the standard, this risk is significantly reduced. In fact, recent statistics issued by the Government confirm that companies with Cyber Essentials are over 90% less likely to make an insurance claim as a result of a cyber attack.

Cyber Essentials also strengthens your commercial position. It demonstrates trust and credibility to customers, insurers and partners. Certification is increasingly required for government, public-sector and supply-chain contracts. For many businesses, it directly enables the retention of existing clients and access to new revenue opportunities.

Choosing Assure Technical means working directly with a leading Cyber Essentials Certification Body that has been IASME-approved for over 10 years. 

Cyber Essentials is a core part of what we do. Our assessors review hundreds of certifications each year across a wide range of sectors. This gives us deep insight into common risks, assessment pitfalls, and certification best practice.

You benefit from:

• Direct access to experienced Cyber Essentials assessors.
• Clear guidance based on real assessment outcomes, not theory.
• Fixed, transparent pricing with tailored support options
• Expert-led preparation that supports a strong first-time pass rate.
• Clear, jargon-free communication throughout the assessment.
• Ongoing support to help maintain compliance year after year.

With a 4.9★ Trustpilot rating and over 300 genuine 5-star customer reviews, Assure Technical is the UK’s most trusted Cyber Essentials Certification Body. We can rest assured that we will enable you to achieve Cyber Essentials accurately, efficiently, and with confidence.