Why Cyber Essentials Plus?

Cyber Essentials and Cyber Essentials Plus are great first steps towards making your systems more secure. The certifications are supported by the National Cyber Security Centre (NCSC), recommended by the Information Commissioner’s Office (ICO) and accredited through the Information Assurance for Small and Medium Enterprise Consortium (IASME) governance standard.

The certifications help you demonstrate that the most important cybersecurity controls have been implemented within your organisation. This is a great selling point to clients, from SMEs to FTSE 100 companies or public sector suppliers, where certifications are a prerequisite.

Cyber Essentials Plus covers the same assessments and controls as Cyber Essentials, but with a third party, like Comtact, verifying the responses to ensure you have met the requirements of the scheme.

Comtact has been delivering peace of mind to our clients through Cyber Essentials since the certifications were launched in 2014. Our experienced team are accredited IASME assessors and our packages are flexible, allowing us to deliver quickly and painlessly to your precise needs. We include both an internal and external vulnerability scan and a detailed report as standard, to demonstrate the final requirements have been met.

Gain a clear picture of your current security level and ensure processes are suitably documented. The Cyber Essentials process raises the profile of cybersecurity within your business and makes you more cyber alert.

Cyber Essentials gives you confidence that you have the correct security controls in place and the knowledge that you’re effectively addressing the cybersecurity risks that could lead to the loss of confidential data.

Cyber Essentials Plus includes an independent assessment carried out by one of our licensed auditors. Clients do not have to take your word that you’re cyber secure – they can rely on the expertise of a professional.

All organisations with a head office domiciled in the UK and a turnover of less than £20 Million gain cyber insurance automatically if they achieve Cyber Essentials certification.

Cyber Essentials Plus is a great selling point and differentiator for your business. No matter whether a client is an SME or a FTSE 100 company, they want to know you take security seriously. Being Cyber Essentials certified allows you to bid on UK Government contracts that involve the handling of confidential data.

Why Comtact for Cyber Essentials Plus?

Unrivalled expertise

We know Cyber Essentials inside out. We’ve been doing this ever since the certifications were launched in 2014, with all our consultants being certified Cyber Essentials and Cyber Essentials Plus assessors.

First-time pass guarantee

Our experts review the answers provided before they are submitted to IASME to ensure you pass first time. Our review enables us to identify any areas of concern and provide guidance on how to resolve them.

We make certification easy

We’re highly responsive from your very first enquiry and will work at your desired pace.

Easy to use web portal

Our portal guides you through the self-assessment with jargon-free questions.

No stone unturned

Our Cyber Essentials projects include an external vulnerability scan and a detailed report of our findings as standard, so you can rest assured the full requirements have been met.

Custom packages

You only pay for what you need, thanks to our packages of tiered service and support.

How the certification works

Cyber Essentials certification

Cyber Essentials is the most basic level of accreditation within the Cyber Essentials scheme and is suitable where your business requires an entry-level security certification to demonstrate that it has the recommended controls in place.

This self-assessment consists of 70 questions split into 8 sections, covering 5 key technical controls:

Firewalls determine who has permission to access your system and prevent those without permission from accessing your networks. A good set-up will help to keep external threats from gaining access to your systems.

Computers and network devices should be configured to provide only the services required, minimising the number of vulnerabilities. This will help to prevent unauthorised actions and minimise the information accessible to internet sites.

Access to your data and services should be kept to a minimum to prevent hackers from having open access. Accounts with access privileges should only be assigned to authorised individuals, provide only the necessary access, and be reviewed regularly.

Your business should be protected against malicious software that could gain access to files, steal information, damage data or prevent access until a fee is paid. Having malware protection and virus removal software will help to protect information.

Cyber attackers often target well known technical vulnerabilities. Proper patch management should ensure that vulnerabilities in systems are patched and updated as soon as they are identified.

Cyber Essentials Plus certification

Cyber Essentials Plus is more advanced and particularly suitable where your organisation has employees working remotely or has third parties with access to IT systems.

This certification includes the same questionnaire but we carry out an additional internal scan and on-site assessment. This includes the assessor testing a random sample of company systems, devices, and servers for their security.

Our assessment provides you with a full report highlighting findings and improvements that need to be made before the certification is awarded.

We scan your internal network to dynamically discover and categorise assets, perform credentialed scanning, and find critical vulnerabilities so you can reduce the likelihood of an attack. We initiate the scan through remote access to an admin account.

We identify vulnerabilities caused by actors outside your network, with recommended actions for medium or higher vulnerabilities.

We check operating system, antivirus, endpoint and browser versions and last scan dates on each sample device.

We download suspicious sample files simulating malware and check they are blocked.

We send test emails to an inbox to check the possible network paths an email will follow.

What makes Comtact different?

We’re easy to deal with

We’re highly responsive, from your very first enquiry.
We are always here for you (even at 3am) and will work at your pace.

We set you up for success

We get to know you intimately.
We customise to your needs.
We align to your KPIs.
We deliver to your information governance requirements.

We’re vendor independent

We always aim to give you solution choices and can connect suitable vendors under one straightforward agreement with aligned SLAs.

We’re your guardian angel

We’re watching over you at all times.
We react to incidents at speed.
We’re “always on” and never 9-to-5.

Our expertise is cutting edge

With a breadth of knowledge.
Fully vendor-accredited.
And a passion for cybertech.

We work as family

You’ll know us by name.
An extension of your team.
We care deeply.

Our pricing is transparent

We price-match competitors.
With clear, scalable packages.
And flexible subscriptions.

Get in touch

Learn more about how Cyber Essentials Plus could benefit your business.