01
Mitigate cyber risk
Blocks roughly 80% of the most common cyber attacks.
Cyber Essentials.
A foundation of resilience.
UK government-backed certification, run by NCSC and delivered by IASME. Blocks up to 80% of common cyber attacks. The baseline procurement teams look for.
The scheme.
Cyber Essentials is the UK Government's flagship cyber security scheme, owned by the National Cyber Security Centre (NCSC) and delivered by the IASME consortium through a network of accredited certification bodies. It assesses your organisation against five technical controls that block the majority of common internet-facing attacks.
The five technical controls.
Firewalls · perimeter and software firewalls properly configured. Secure configuration · hardened devices, no default passwords. User access control · least privilege, MFA on admin accounts. Malware protection · enforced AV/EDR on every device. Security update management · OS and apps patched within defined windows.
Who needs it.
Required for some UK Government contracts (MoD, central government supply chain). Pre-requisite for many enterprise procurement processes. Useful for any business that wants a credible baseline. Many cyber insurance underwriters offer reduced premiums for certified organisations.
Key benefits.
02
Boost customer trust
Visible certification mark to display on your website and proposals.
03
Meet compliance
UK Government contracts, NHS DSPT alignment, supply-chain requirements.
04
Cyber insurance
Lower premiums and faster underwriting with the certificate in hand.
Gap. Fix. Submit. Certify.
1
Pre-flight gap analysis
Week 1. Assess current state against the five technical controls.
2
Quick wins
Week 2. Fix the easier controls first. Firewalls, AV, patching cadence.
3
Harder controls
Weeks 3-4. Secure configuration baselines, MFA rollout, access control review.
4
Submit & certify
Week 5-6. We complete the questionnaire with you and submit to an IASME-accredited body.
- Gap analysis report.Current state vs each of the five controls.
- Remediation plan.Prioritised list with cost estimates and owners.
- Evidence pack.Documented proof of each control, ready for assessor review.
- Self-assessment questionnaire.Completed with you, reviewed by us, submitted to IASME.
- Certificate + badge.For your website, proposals, and procurement responses.
- Annual renewal plan.Calendar reminder, document refresh, re-submission support.
Backed by the right authorities.
- NCSC Cyber Essentials
- IASME
- NIST CSF (basic level)
- NHS DSPT alignment
- UK MoD DEFCON 658
Frequently asked.
How long does it take?
2-6 weeks depending on your starting maturity. Organisations already running MFA, EDR and patching cadence can move in 2-3 weeks. Those starting from scratch take 4-6.
What does it cost?
The certification itself is £300-£500 paid to IASME. Our fixed-scope implementation support adds £2,000-£6,000 depending on org size. Many clients recover this in the first cyber-insurance renewal.
How is it different from ISO 27001?
Cyber Essentials is a 5-control technical baseline. ISO 27001 is a full Information Security Management System covering 93 controls and ongoing governance. Cyber Essentials is a great stepping stone. Many clients do CE first, then graduate to ISO 27001.
Does it need annual renewal?
Yes. The certificate is valid for 12 months. Re-certification is required annually to maintain the badge and the cyber-insurance discount.
Can we get it without your help?
Of course. The scheme is designed for self-assessment. We just dramatically increase your first-time success rate. The IASME failure-rate for un-supported applicants on first submission is around 40-50%.