
Cyber Essentials Certification for UK Businesses
Cyber Essentials is a UK Government-backed certification designed to help organisations protect themselves against common cyber threats.
At Mawonet, we help businesses achieve Cyber Essentials certification quickly and efficiently through guidance, readiness assessment, and independent certification services.
Frequently asked questions
1. What is the Cyber Essentials certification process?
Cyber Essentials is a series of self-assessment questions that, when answered, highlight and provide visibility of the areas of cyber risk your business is exposed to. This allows you to make changes and become a Cyber Essentials certified business.
You work through all the questions, which are then assessed by the awarding body, and you will pass or fail. We have supported services which come with assistance and pre-checking of your answers before marking. We haven't had a client who's taken our supported service and followed our advice who has failed, and we've marked thousands of assessments. Or, if you know you will pass, we also have a marking-only service which is simply that: we mark your submission and, if it's compliant, we issue your certificate. No fuss, no support, no turnaround SLAs, just a submission marking.
The basic level of Cyber Essentials (CE) does not require any vulnerability or third-party testing, unlike the higher Cyber Essentials Plus certification, which requires an audit of your answers.
2. What's in scope for Cyber Essentials?
This is one of the most common questions, and it includes: Are home user devices included? What about Microsoft 365? My company accesses a remote desktop environment, so are the PCs and laptops still in scope? What about staff's personal phones?
Basically, any device used to access (and not necessarily store) company data is in scope. That's a very simple way of describing it, and the UK Government's NCSC changes the framework from time to time. If you would like to check what's covered in the Cyber Essentials assessment, you can download the government's Requirements for IT Infrastructure document here. The NCSC sometimes changes the link, so if you can't download the document please let us know.
3. Do I need Cyber Essentials certification for government contracts?
Yes, Cyber Essentials certification is often required for government contracts to ensure that your business meets the necessary cyber security standards.
4. What if you don't pass the Cyber Essentials assessment?
If you don't pass the basic marking-only self-certification, you have two working days to review the assessor's feedback and address any simple issues with your network and policies. You can then submit the updated answers for review. If you still don't pass after these two days, you'll need to reapply and pay the assessment fee again. However, if you choose our supported service, an assessor will ensure your answers are ready to pass before marking, so you won't fail.
5. Do I need Cyber Essentials certification for government contracts?
Cyber Assurance standards are guidelines and best practices for managing cyber security risks and ensuring the protection of sensitive information. Achieving these standards demonstrates your commitment to cyber security.
6. What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a security standard set by the UK Government, defining a list of requirements your organisation must meet. Both Cyber Essentials and Cyber Essentials Plus are based on the same requirements, but the difference lies in the assessment process. For Cyber Essentials, you complete a questionnaire, and your CEO or senior leader signs off on a statement confirming its accuracy. No one visits your premises unless you are selected for moderation. Cyber Essentials Plus, however, involves a physical (though remote) audit of your answers, additional vulnerability testing, and checks on a 10% sample of your devices chosen by the assessor.
7. How do you price Cyber Essentials Plus?
We believe in offering the best value to our clients. We offer a tiered fixed-price system for Cyber Essentials Plus, based on the number of devices included in scope. This includes all devices (phones, PCs, laptops, routers, servers, etc.) and assumes that your system is a standard network, meaning:
- You have fewer than 10 cloud-based services
- You have fewer than 10 branches/sites
- You do not run a web farm or hosting service
- You do not have more than 5 servers on premises or in the cloud
- You have no more than 5 different desktop operating system versions in use on in-scope devices (i.e. Windows 10 Pro 21H1, Windows 10 Pro 22H2 and Windows 10 Home 22H2 are all different versions).
If you fall outside the scope of a standard network, we prepare a bespoke quote specifically designed around your organisation's requirements. This offers the best value and is why our clients return year after year.
Our Cyber Essentials Plus quotations are based on the amount of time it will take an assessor to test your systems.
This is quoted on an individual basis and can vary depending on factors such as:
- Complexity of network
- Number of employees
- Number & configuration of workstations and servers
- Number of sites