Willow to Danzell Migration Guide: What UK Firms Need to Do Between Cyber Essentials Platform Versions

The Cyber Essentials scheme moved from the Willow version onto the Danzell platform in April 2026. The platform name change is administrative; the substantive change is what Danzell now expects in evidence terms: year-round vulnerability scanning and patching across the certificate period, not the renewal-week sprint that Willow's strict reading allowed.
This article walks through what changed, what firms holding Willow-era certificates need to do for the next renewal, and how the Cyber 365 programme bridges the gap operationally.
What Willow allowed and what Danzell now expects
Under the Willow version of the scheme, the requirements text on patching was:
- High-severity (CVSS 7.0+) and critical vulnerabilities patched within 14 days of vendor release
- An assessor-led vulnerability scan on assessment day for CE Plus
- Confirmation via the questionnaire that the patching cadence held
The strict reading: as long as the assessor's scan on assessment day showed the high-severity vulnerabilities were patched within 14 days of vendor release, the patch-management control was satisfied. The scheme did not require the firm to demonstrate the cadence held across the whole 12 months.
Danzell makes the year-round expectation explicit. The platform now expects continuous evidence that the patching cadence held throughout the certificate period:
- Continuous vulnerability scanning against the in-scope IT estate
- High-severity findings closed within the 14-day window throughout the year, not just at renewal
- Logging and reporting that documents the cadence over time
- The CE Plus assessor's day-of sample is now supplementary to the year-round evidence, not the primary check
The five Cyber Essentials controls remain the same. The patching control is enforced harder (as noted in the March 2024 exposure review).
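One way a firm could check its own scan and patch log against the 14-day window across the certificate period, shown as an added example that is not part of the Danzell platform or the Cyber 365 programme. The record layout, host names and finding ids are constructed, and treating day 14 itself as on time is an assumption.

```python
from datetime import date, timedelta

PATCH_WINDOW = timedelta(days=14)  # 14-day window from the requirements text
HIGH_SEVERITY = 7.0                # CVSS 7.0+ threshold from the requirements text

# Constructed sample log: (host, finding id, CVSS, vendor release, patched on or None).
FINDINGS = [
    ("ws-01", "VULN-A", 9.8, date(2026, 5, 4), date(2026, 5, 12)),
    ("ws-02", "VULN-A", 9.8, date(2026, 5, 4), date(2026, 5, 25)),    # patched late
    ("srv-01", "VULN-B", 7.5, date(2026, 8, 10), None),               # never patched
    ("srv-01", "VULN-C", 5.3, date(2026, 8, 10), None),               # below threshold
    ("ws-01", "VULN-D", 8.1, date(2026, 11, 2), date(2026, 11, 16)),  # patched on day 14
]

def evaluate(findings, as_of):
    """Return (breaches, monthly) where monthly maps 'YYYY-MM' to (met, missed)."""
    breaches, monthly = [], {}
    for host, vuln, cvss, released, patched in findings:
        if cvss < HIGH_SEVERITY:
            continue  # outside the 14-day rule
        deadline = released + PATCH_WINDOW
        if patched is None and as_of <= deadline:
            continue  # still inside the window: neither met nor missed yet
        closed = patched if patched is not None else as_of
        month = deadline.strftime("%Y-%m")
        met, missed = monthly.get(month, (0, 0))
        if closed > deadline:  # assumption: day 14 itself counts as on time
            breaches.append((host, vuln, (closed - deadline).days, patched is None))
            monthly[month] = (met, missed + 1)
        else:
            monthly[month] = (met + 1, missed)
    return breaches, monthly

if __name__ == "__main__":
    breaches, monthly = evaluate(FINDINGS, as_of=date(2026, 12, 1))
    for month, (met, missed) in sorted(monthly.items()):
        print(f"{month}: {met} on time, {missed} missed")
    for host, vuln, days_over, still_open in breaches:
        state = "still open" if still_open else "patched late"
        print(f"BREACH {host} {vuln}: {days_over} days past deadline ({state})")
```

Grouping by the month in which each deadline fell is what separates a cadence that held all year from one that only looks clean on assessment day.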
What this means for current certificate holders
Existing certificates issued under Willow remain valid until their normal 12-month expiry. There is no requirement to re-issue under Danzell.
The next renewal will be assessed under Danzell. Firms should expect the renewal to require evidence of year-round scanning and patching across the certificate period, not just the renewal-week sprint.
Two firm patterns:
The first pattern is firms that already ran year-round operational discipline as standard (often via an MSP that handles patching as part of the managed-IT service, plus a continuous scanning service). For these firms, the Willow-to-Danzell transition is administratively new but operationally a non-event.
The second pattern is firms that ran the renewal-week sprint and now need to formalise year-round discipline. These firms typically engage a year-round vulnerability scanning + managed patching service that produces the evidence Danzell expects, in time for the next renewal.
The migration steps for firms in the second pattern
The migration is operationally simple but requires lead time. Working backwards from the next renewal date:
12 months before renewal: identify the year-round scanning and patching arrangement. Either the firm's existing MSP extends scope to cover continuous scanning and the 14-day patching window, or a separate service runs alongside the MSP. The Cyber 365 programme is the right answer for most firms in this position.
9 months before renewal: confirm the operational discipline is producing the right logs and reports. The first quarterly review of the scan and patching logs validates the workflow.
6 months before renewal: confirm the patching cadence is holding across the in-scope estate. Any structural gaps surface at this point and can still be addressed before assessment.
3 months before renewal: book the renewal assessment. The evidence package is largely complete by this point, drawn from the year of operational logs.
Renewal week: the assessment proceeds as a check-in against an estate that has been kept in shape, not a recovery operation against a year of drift.
For firms whose renewal is sooner than 12 months away, the lead time is compressed. The Cyber 365 programme can start within a working week of the scoping call; the longer the runway before renewal, the more confidently the assessment proceeds.
How CE Plus and Cyber 365 fit together for the migration
A Cyber Essentials Plus certificate is valid for 12 months. The Danzell-era expectation is continuous posture across those 12 months. The two timeframes do not line up unless something runs continuously.
Cyber 365 is what runs continuously. The programme covers:
- Continuous vulnerability scanning across the in-scope IT estate
- Managed patching with the 14-day window enforced
- Logging and reporting that documents the cadence over time
- Co-ordination with the firm's existing MSP to avoid double-patching
- Renewal-time package preparation so the next CE Plus assessment proceeds smoothly
For firms with a Willow-era certificate approaching renewal, Cyber 365 starting now produces the evidence Danzell expects by the time the renewal lands.
The CE+ Assured Programme bundles CE Basic, CE Plus, and Cyber 365 into one monthly subscription. For firms wanting the certificate and the year-round discipline as one rolling engagement, this is the wrapped version.
Where to start
Book a 30-minute scoping call. We need the firm's device count, the current CE Plus certificate status (issued under Willow, expiry date), the current scanning and patching arrangement, and any procurement or contract deadline. We come back with a written quote covering the Cyber 365 programme and, where it makes sense, the bundled CE+ Assured Programme alongside it.
The IASME £25,000 cyber insurance comes free with every Cyber Essentials certificate for qualifying UK SMEs under £20 million turnover. It is between the certified firm and IASME. NetSec does not bundle, broker, or upsell it.
The Willow-to-Danzell migration is not a bureaucratic exercise. It is the scheme catching up to what the threat landscape requires of any organisation that holds a current Cyber Essentials certificate. Year-round scanning and patching has always been the right answer; Danzell makes it the explicit answer. The cleanest response is to operationalise the year-round discipline now, regardless of when the next renewal lands.