Written by Haydon Kirby, IT Account Director – 8th March 2017
What is the Cyber Essentials Scheme?
The Cyber Essentials certification enables all UK businesses to adhere to a series of Cyber Security principles to safeguard their business data and clients' data, and to participate in high-value tenders that require this certification.
Unlike other schemes that are not Government backed, Cyber Essentials is very affordable and well recognised in industry. Cyber Essentials helps businesses to mitigate phishing attacks, including malware and malicious email and website links, and hacking opportunities by exploring the known vulnerabilities in internet-connected servers and devices. All risks and weaknesses are identified within an audit prior to the certification submission.
There are two types of Cyber Essentials certification available: Cyber Essentials Standard and Cyber Essentials Plus. Businesses can only achieve the Plus once the Standard has been awarded.
Cyber Essentials FAQs
Here is a list of useful FAQs relating to the Cyber Essentials certifications.
How much does Cyber Essentials cost?
We offer a wide range of affordable packages for clients (depending on business size) that include a Cyber Essentials audit, submission (Cyber Essentials Standard) and an accredited assessor (Cyber Essentials Plus only). Please get in touch for more information about pricing packages.
Why do clients choose Infinity Group for Cyber Essentials?
Many clients appoint us to undertake their Cyber Essentials audits as we have a specialist IT Security Team in-house that, if appointed, can easily undertake the tasks outlined in the audit quickly to ensure our clients pass the certification as quickly as possible with minimal time needed from them.
Should you apply for a Cyber Essentials certification in addition to an ISO 27001 certification?
There is increasing demand for companies to have both Cyber Essentials certifications to be eligible to apply for large tenders. ISO 27001 is process driven, whereas the Cyber Essentials certification is technically driven. We are official partners with The British Assessment Bureau, who deliver ISO 27001 for several of our clients.
Do you need 100% to pass either Cyber Essentials certification?
Businesses need to get the majority of the questions correct in each section of the self-assessment questionnaire to pass that part of the Cyber Essentials assessment. Passing the self-assessment questionnaire section will enable you to move on to the vulnerability scan, which forms the Cyber Essentials Plus certification, if you require this.
Are there any automatic fail questions in the Cyber Essentials framework?
Our Cyber Essentials audit will identify the processes that need to be reviewed in order for the customer to pass either certification. However, failure to implement the recommendations we provide in our initial audit on the following elements will result in an automatic fail:
1. Use of out-of-date software such as Microsoft XP
2. Weak passwords
3. No anti-virus
Is it easy to pass the Cyber Essentials certifications?
The very strict pass criteria are set by the UK Government. If a company chooses to implement the recommendations we outlined in the audit itself and does not implement all the tasks we outlined, it may fail. Clients often appoint us to carry out the additional work to complete the recommendations outlined in the audit, as we guarantee that they will then pass the certification because all certification criteria will then be met.
How long are Cyber Essentials certifications valid?
Both the Cyber Essentials certifications are valid for 1 year – businesses then reapply for them.
How quick is the Cyber Essentials certification process?
We can turn the Cyber Essentials Standard around within 2-3 weeks. This includes time for the audit and recommendations report to be produced. If work needs to be completed to make your business compliant, this will delay the completion timeline before you submit it for self-assessment.
How long will it take us to audit a company?
The actual audit will take place at the customer's office, and one of our security consultants will be on site for half a business day (4 hours).
How long will it take us to certify a company?
We can turn the Cyber Essentials Standard certification around within 2-3 weeks. This includes time for us to complete the audit and produce the report, and arrange for the accredited body we partner with to assess your business for the Cyber Essentials Plus certification.
How can a company upgrade their Cyber Essentials certification to Cyber Essentials Plus?
Cyber Essentials Plus is the next level of assurance through the external testing of the organisation’s cyber security approach. Once a company has completed the Cyber Essentials self-assessment and received the certification, Infinity Group can then arrange for you to complete the Cyber Essentials Plus for an additional fee. This is a fully accredited certification that’s awarded by an external certifying body.
Infinity Group have undertaken Cyber Essentials audits, enabling several clients to achieve the Cyber Essentials and Cyber Essentials Plus certifications. To find out more information about the Cyber Essentials Scheme, please get in touch, visit our dedicated web page or download our easy-to-understand Cyber Essentials brochure.