Cyber Essentials Plus

Cyber Essentials Plus builds on the of the Cyber Essentials certification and includes an active assessment of your network and systems to ensure that the Cyber Essentials controls are correctly implemented.

The Cyber Essentials Plus scheme requires that you already have Cyber Essentials certification that is less than 3 months old and includes a number of specific tests which validate that a subset of the five Cyber Essentials controls are implemented correctly.

If you do not have a current Cyber Essentials certification, please book one at the same time here.

A successful pass in each of the following tests allows for organisations to be awarded the Cyber Essentials Plus certification:

External Vulnerability Assessment

A vulnerability scan is performed against your networks Internet-facing services. This ensures there are no vulnerabilities present in these systems which could allow an Internet-based hacker to break into or abuse them.

Internal Patch Audit

An automated patch audit / vulnerability assessment is conducted on a random selection of some of your internal servers and workstations. This is to ensure that all critical security updates have been applied within 14 days as required by Cyber Essentials.

Review of Malware Protection

We check your anti-virus / anti-malware system to ensure that it is working correctly and is actively protecting your systems from attack.

Email-based Malware Assessment

We send a number of safe but suspicious emails to several staff members to prove that your anti-malware protections for your email are working as they should.

Web-based Malware Assessment

We test to see if malicious files can be downloaded by your users from a potentially malicious server on the Internet. We use a number of safe but suspicious files provided by the Cyber Essentials Plus scheme to do this.