Scroll Top

cyber essentials faq

Frequently asked questions

Cyber Essentials Basic

  1. We provide you access to our secure Cyber Essentials portal.
  2. You answer the questions
  3. We provide feedback if needed.
  4. Once feedback is implemented, we provide you with a certificate.

CE renewals can be achieved in 1 day, provided you have implemented the controls. It can take a week or two, depending on your feedback and what you need to implement.

If aiming for CE+, you must achieve CE+ certification within 3 months of attaining CE basic certification else you will have to renew CE basic before then aiming for CE+.

You have 6 months from when you are provided access to the portal to answer your cyber essentials questions.

Both CE and CE+ last for 12 months from the certification date. If you wish to remain on the NCSC register, https://www.ncsc.gov.uk/cyberessentials/search, you will need to renew each year.

We offer guidance with all our services. Our ‘supported’ packages come with a CREST Registered Assessor who will work with you throughout. Those who are confident with the standard and may only require feedback on one or two occasions can opt for the unsupported service.

Cyber Essentials Plus

  1. You achieve Cyber Essentials Basic
  2. We scope your assets ( see scoping)
  3. We arrange a suitable time for remote assessment with selected users
  4. We send a vulnerability scanning agent and run scan remotely
  5. We conduct short remote screen share session with selected users
  6. We provide feedback which you implement
  7. Once feedback is implemented, we issue your certificate.

CE+ can be assessed and certified in 1 day. Large organisations often require 2 days.

If aiming for CE+, you must achieve CE+ certification within 3 months of attaining CE basic certification else you will have to renew CE basic before then aiming for CE+.

You have 6 months from when you are provided access to the portal to answer your cyber essentials questions.

Both CE and CE+ last for 12 months from the certification date. If you wish to remain on the NCSC register, https://www.ncsc.gov.uk/cyberessentials/search, you will need to renew each year.

We offer guidance with all our services. Our ‘supported’ packages come with a CREST Registered Assessor who will work with you throughout. Those who are confident with the standard and may only require feedback on one or two occasions can opt for the unsupported service.

The plus assessment offers a more thorough review, including a vulnerability scan and a review  of the device configurations, which are beneficial to defending attack. If the contract you're aiming for requires Cyber Essentials Plus, you would also need this. Our tools and checks almost always reveal security issues that the IT team is unaware of.

Yes, we can conduct a security assessment review and provide guidance on what remediations are required to ensure you pass first time.

End user devices, servers and cloud services.

Number of each Operating System   

Sample Size 

2-5 

6-19 

20-60 

61+ 

No, we conduct almost all of our assessments remotely. We only need to go onsite for our MOD clients (Ministry of Defence) who do not allow remote connections.

We usually use Microsoft Teams, Google Meets or Zoom. We also use a remote vulnerability scanner which is simple and quick to install, taking around 1 to 2 minutes of the users time.

Each user within the scope will need to screenshare for approximately 20 minutes each.
You will need IT resources available to apply any remediations discovered during the vulnerability scan.

We can use your scanner if you use Tenable or Qualys. The assessor must see the scan configured and run and we can’t accept your pre run reports.

Yes, we offer a range of scanning options for various size organisations, small and large. 
see Vulnerability Scanning