Cyber Essentials scheme

Cyber Essentials scheme

Cyber Essentials scheme

Cyber Essentials scheme

NSI is able to offer approved companies the Cyber Essentials scheme through our partnership with Risk Crew, an accredited Cyber Essentials and Cyber Essentials Plus certification body.

To enquire about the Cyber Essentials scheme, please complete the form below

How to apply

Please complete the enquiry form above. 

There are 3 options to choose from:

  • Cyber Essentials (basic level) - £300 + VAT
  • Cyber Essentials (basic level - supported) - £650 + VAT
  • Cyber Essentials Plus (supported) – from £2,245.50 + VAT*
    *Note: This price varies depending on the size of your business and complexity of your network. 

A dedicated member of the NSI team will then contact you to discuss your enquiry. 

How long is certification valid?

Cyber Essentials is valid for 12 months. To retain certification, organisations must re-certify annually.

The assessment process is a 'snapshot' in time and it can only be sure to be effective on the day of assessment as new vulnerabilities are continuously being identified.

Organisations must maintain the principles of the scheme on an on-going basis and not just prepare for assessment.

Upon achieving Cyber Essentials certification, UK companies with an annual turnover of less than £20m qualify for free cyber insurance.
 
If you have any questions about the scheme or any of the services offered, please contact us at cyberessentials@nsi.org.uk for more information.
 

What is the Cyber Essentials scheme?

Cyber Essentials has been developed by the Government and industry to help protect organisations against common online attacks. It outlines a clear set of controls which provide cost-effective, basic cyber security for organisations.

See below for details of:

  • Cyber Essentials (basic level)
  • Cyber Essentials Plus
  • Risk Crew, NSI's Cyber Essentials partner

Why do you need Cyber Essentials?

  • Protection against approximately 80% of cyber-attacks.
  • Reduction in cyber insurance premiums.
  • Reassurance for your customers that you are working to secure your IT against cyber-attacks. 
  • Attraction of new business with the promise you have cyber security measures in place.
  • Ability to work with the UK Government and Ministry of Defence (some Government contracts require Cyber Essentials certification - MoD requires Cyber Essentials Plus).
 

Cyber Essentials (basic level)

Cyber Essentials is recommended for organisations seeking to defend against the most common and unsophisticated forms of cyber-attacks and looking for a base level Cyber Security test where IT is a business enabler rather than a core deliverable.

Cyber Essentials is a certification awarded on the basis of a verified self-assessment. An organisation undertakes their own assessment of their implementation of the Cyber Essentials control themes via a questionnaire, which is approved by a senior executive such as the CEO. It is mainly applicable where IT systems are based on common Off-The-Shelf products rather than large heavily customised, complex solutions.

The completed questionnaire is then verified by a Cyber Essentials Certification Body to assess whether your organisation has effectively implemented the controls required by the scheme.

Five key controls:

  • Boundary firewalls and internet gateways 
  • Secure configuration 
  • Access control 
  • Malware protection
  • Patch management 

Cyber Essentials Plus 

Cyber Essentials Plus* has the Cyber Essentials simplicity of approach, and the protections you need to put in place are the same, but an assessor will carry out a technical audit of your systems to verify the Cyber Essentials controls are in place.

This higher level of assurance involves a technical audit of the systems that are in-scope for Cyber Essentials. It includes a representative set of end user devices, including BYODs, all internet gateways and all servers with services accessible to unauthenticated internet users. The assessor will remotely test a suitable random sample of these systems to cover 90% of your estate and will then make a decision whether further testing is required.

*Note: It is a requirement to certify to Cyber Essentials basic before advancing to Cyber Essentials Plus.

Note. You will need to complete your Cyber Essentials Plus audit within 3 months of your last Cyber Essentials basic certification. Alternatively, you can complete the Cyber Essentials online assessment as part of the Cyber Essentials Plus certification.

 

Who are Risk Crew?

Risk Crew are an elite group of information security governance, risk & compliance experts and the forerunners in the design & delivery of innovative & effective solutions.

Risk Crew has been a Cyber Essentials Certifying Body (CB) since the inception of the scheme in 2014 and continue to be a trusted CB under the IASME Consortium.

They have helped many UK organisations achieve good cyber security hygiene using the Cyber Essentials scheme and are passionate about what they do and how they engage with clients.

RiskCrew

Why choose Risk Crew?

  • NSI have been using Risk Crew for Cyber Essentials Plus certification and penetration testing since 2017. 
  • A personal approach – Risk Crew engage directly with their customers throughout the certification process. 
  • Added value through ‘supported’ certification – essential for companies who need a helping hand.
  • Not just Cyber Essentials – Risk Crew have a vast range of knowledge and experience in many aspects of information and cyber security, and a good grasp of the specific requirements relating to the security industry.
  • Whilst there are many Cyber Essentials Certification Bodies out there all equally competent to deliver certification, NSI's partnership with Risk Crew has been founded through confidence in their services.

You can view a recent Risk Crew webinar here,  explaining what to expect from the assessment process, the benefits of achieving Cyber Essentials Plus, and 5 key tips on how to attain Cyber Essentials certification.

In addition to Cyber Essentials certification, Risk Crew also provide risk management and security testing services, other data compliance services and a wide range of information security consultancy packages.

For more information about their services, please visit Risk Crew's website.

 

To enquire about the Cyber Essentials scheme, please complete the form below

Learn more about NSI

Approved companies

Training

Digital ‘All-IP’ Migration

Access to Standards

Industry Events

Guide to Choosing a Consultancy

Useful Links