What is Cyber Essentials Plus?

Cyber Essentials Plus is an audited version of the Cyber Essentials basic, which is a self-assessed online questionnaire. The Plus consists of: 

  • Audits all controls of Cyber Essentials basic. 
  • An onsite or remote audit (depends on company size & complexity).
  • External vulnerability scan.

Getting a Cyber Essentials Plus Quote:

Each quote is bespoke to the company. This is based on company size, complexity and internal mark-up. It's quick and easy to get a quote from us, just fill out this form. We will then reach out to you to arrange the audit date.

Pre-Audit: 

We have created this checklist which should be thoroughly looked through before the date of the audit. By following the document it hugely increases your chances of successful certification.

During the Audit:

There are several steps to a Cyber Essentials Plus audit, regardless of being done remotely or onsite. The steps of the audit are: 

  1. Signup to app.cybersmart.co.uk if you do not have an account already with us. 
  2. Deploy the CyberSmart apps on all devices and ensure all controls are passing. 
  3. Obtain external IP addresses and start the vulnerability scan. This automatically checks for any open (TCP & UDP) and vulnerability ports in your network. This will generate a report with scores for each vulnerability. 
  4. Any score of 6.9+ CVSS or higher must be resolved to pass (usually close port or update service).
  5. Send fake viruses and inbound malicious emails to 90% of represented devices within the organisation from both the web (e.g. Chrome) and native mail add. NOTE: If you use standard builds, only one machine of each operating system needs to be tested.
  6. Check the latest patching for all machines. Any out of date patches to operating systems and software must be updated. 
  7. Review sufficient malware protection is in place for all machines.
  8. Screenshot everything along the way for the auditor to write the report post-audit.

If anything from the Cyber Essentials Plus needs actioning, the auditor will liaise with the most relevant technical person within the company.

Post-Audit:

Now the audit is complete the auditor needs to write up the full report which depending on if any remediations are needed, can take 1 - 3 working days. 

After the report is finished, the auditor will issue your official Cyber Essentials Certificate and send the report, certificate and badges over to you. 

Did this answer your question?