Cyber Essentials Cost and FAQs

How much does Cyber Essentials cost?

We offer a wide range of affordable packages for clients and the cost of Cyber Essentials depends on the size of your organisation. This includes a Cyber Essentials audit, submission (Cyber Essentials Standard) and an accredited assessor (Cyber Essentials Plus only). Please get in touch for more information about Cyber Essentials cost packages.

Why do clients choose Infinity Group for Cyber Essentials?

Many clients appoint us to undertake their Cyber Essentials audits as we have a specialist IT Security Team in-house that, if appointed, can easily undertake the tasks outlined in the audit quickly to ensure our clients pass the certification as quickly as possible with minimal time needed from them. Infinity Group are in the IASME directory for Cyber Essentials as an accredited auditor.

Should you apply for a Cyber Essentials certification in addition to an ISO 27001 certification?

There is increasing demand for companies to have both Cyber Essentials certifications to be eligible to apply for large tenders. ISO 27001 is process driven, whereas the Cyber Essentials Certification is technically driven. We are official partners with The British Assessment Bureau who deliver ISO 27001 for several of our clients 

The Cyber Essentials certification criteria

Organisations need to get the majority of the questions correct in each section of the self-assessment questionnaire to pass that part of the Cyber Essentials assessment. Passing the self-assessment questionnaire section will enable you to move onto the vulnerability scan which forms the Cyber Essentials Plus certification if you require this.

The very strict pass criteria is set by the UK Government. If a company chooses to implement our recommendations, outlined in the audit, themselves and does not implement all the tasks outlined you may fail.  Clients often appoint us to carry out the additional work to complete the recommendations outlined in the audit, as we guarantee that they will then pass the certification because all certification criteria will then be met.

Our Cyber Essentials audit will identify the processes that need to be reviewed in order for the customer to pass either certification. However, failure to make the recommendations we provided on our initial audit on the following elements will result in an automatic fail. These include but are not limited to:

1. Use of out-of-date software such as Windows XP and Windows 7 (from April 2020)
2. Weak passwords
3. No anti-virus

How long will it take us to audit and certify a company?

The actual audit will take place at a customer’s office and one of our Cyber Security Consultants will be on-site for half a business day (4 hours).

We are able to complete the Cyber Essentials Standard certification within 2-3 weeks, this includes time for us to complete the audit, produce the report and arrange for the accredited body we partner with to assess your business for the Cyber Essentials Plus certification.

This includes time for the audit and recommendations report to be produced. If work is needed to be completed to make your business compliant this will delay the completion timeline before you submit it for self-assessment.

What is Cyber Essentials Plus?

Cyber Essentials Plus is the next level of assurance through the external testing of the organisation’s cyber security approach. Once a company has completed the Cyber Essentials self-assessment and received the certification, Infinity Group can then arrange for you to complete the Cyber Essentials Plus for an additional fee, this is a fully accredited certification that’s awarded by an external certifying body.

The Cyber Essentials Plus certification can only be obtained by a business after the Cyber Essentials Standard has been awarded. This fully audited certification is awarded by an external Certification Body and offers a higher level of assurance through the external testing of the business’ cyber security approach. A thorough security scan of the network is undertaken by us and all vulnerabilities are identified.

Cyber Essentials Plus is recommended for businesses who:

• Want to tender for large value projects
• Work with highly regulated industries
• Are looking for an enhancement of their ISO 27001 certification

How can a company upgrade their Cyber Essentials certification to Cyber Essentials Plus?

Cyber Essentials Plus is the next level of assurance through the external testing of the organisation’s cyber security approach. Once a company has completed the Cyber Essentials self-assessment and received the certification, Infinity Group can then arrange for you to complete the Cyber Essentials Plus for an additional fee, this is a fully accredited certification that’s awarded by an external certifying body.

Why choose Infinity Group for Cyber Essentials?

Our affordable Cyber Essentials certification packages includes an on-site audit of your current setup, including a list of recommendations in line with Cyber Essentials’ strict certification criteria. The Cyber Essentials Plus certification is awarded by IASME, an official Cyber Essentials accreditation body.

Some clients decide to complete the recommendations identified in our audit themselves before we submit them for the Cyber Essentials Plus certification or they submit themselves for the Cyber Essentials Standard certification. Others prefer us to make those recommendations.

Many clients appoint us to undertake their Cyber Essentials audits as we have a specialist IT Security Team in-house that, if appointed, can easily undertake the tasks outlined in the audit quickly to ensure our clients pass the certification as quickly as possible with minimal time needed from them.

Infinity Group are Cyber Essentials auditors. To find out more about Cyber Essentials Scheme, Cyber Essentials Plus and the Cyber Essentials cost relating to both certifications please get in touch.