The assessment process is a ‘snapshot’ in time and it can only be sure to be effective on the day of assessment, similar to a MoT on a car. As with the MoT, the car will not remain roadworthy without regular maintenance. We, therefore, recommend that organisations maintain the principles of the Cyber Essentials Scheme on an on-going basis (for example, ensuring that patching always occurs in a timely fashion and that malware protection is kept up to date) and not just prepare for assessment. As a minimum, to retain the certification organisations must recertify at least once a year.

Did this answer your question?