Cyber Essentials Certification

The Cyber Essentials scheme is a simple yet effective, Government backed framework that will help protect your organisation against a range of the most common Internet-based cyber attacks.

It provides a cyber security certification scheme that was developed as a part of the UK Government’s National Cyber Security Strategy.

The Cyber Essentials scheme specifies the (5) basic control areas that all organisations should address in order to mitigate the risk from common cyber threats and demonstrate a clear commitment to improving their approach to cyber security.

The controls are based on research conducted, which demonstrated that the majority of breaches occur as a result of a weakness in one or more of 5 key areas. These 5 areas, described below, form the basis of the Cyber Essentials controls.

The 5 Technical Control Areas

access control, essentials, cyber essentials, define certification, cyber security essentials, cyber essentilas plus, cyber essentials controls

Access control

Making sure that only those people who need access to specific information in your organisation have it and ensuring that this is monitored and checked regularly.

Secure Configuration, essentials, cyber essentials, define certification, cyber security essentials, cyber essentilas plus

Secure Configuration

Choosing and applying the most secure settings for all of your devices and software by changing passwords and removing unused accounts and software.

Software Updates, cyber essentials certification, cyber essentials scheme, cyber essentials controls

Software Updates

Ensuring that your software and operating systems are regularly checked and updated with the latest patches to protect against vulnerabilities.

Malware Protection, cyber essentials certification, cyber essentials controls

Malware Protection

Reducing the likelihood of being infected by some form of malware including computer viruses, worms, spyware, botnet software and ransomware, by ensuring that you have correctly configured anti-malware software which only allows trusted applications.

Firewall and Routers, cyber essentials controls, cyber essentials scheme

Firewall and Routers

Creating a ‘buffer zone’ to allow you to analyse traffic looking to gain access to your network to establish whether or not it should be allowed.

From 01 April 2020, the IASME Consortium (IASME) officially became the sole Cyber Essentials Partner of the National Cyber Security Centre (NCSC), a part of GCHQ, and URM is delighted to have been assessed and confirmed as a certification body (CB). The scheme offers two levels of certification.

Your Certification Options:

  • Cyber Essentials

  • Cyber Essentials Plus

What People Say About Us:

“Cyber security has never been higher on our agenda. We’re very pleased to have gained our Cyber Essentials Plus Certification. We are committed to providing the most secure and robust solutions to our customers and partners. This certification helps to demonstrate this commitment – through independent vulnerability testing and to test the awareness of information security across our teams. We’re very pleased with the support and expertise provided by URM.” - G2 Speech

“We are delighted to partner with URM Consulting on a wide range of information and cyber security projects and service solutions. Working with URM Consulting has proved to be extremely successful, with them consulting / advising clients and then utilising our SMART Services. These are specifically aimed at supporting organisations to achieve Detection, Compliance & Response (DCR) to support Digital Transformation outcomes. In addition, we have achieved Cyber Essentials certification with URM and are now partnering on ISO 27001 and Cyber Essentials Plus projects. We have been impressed by the breadth of URM’s governance, risk, compliance and technical expertise along with their holistic, pragmatic and tailored advice.” - C-STEM 

“We have been a partner with URM Consulting for many years. They offer a great service and are a team of real experts in all things cyber security.”- Cambridge Support

“URM have been consistently helpful, friendly and efficient in assisting us through the Cyber Essentials and Cyber Essentials Plus accreditation process.” - Smith Institute

“We engaged URM to help us complete our annual Cyber Essentials Plus certification. They have a great infrastructure and skillset to support the Cyber Essentials program and made the whole process painless for us. It’s a great way for businesses to give themselves a good security health check and in doing so spot any weak points in their IT infrastructure. URM are then perfectly placed to advise on how to fill those gaps for a robust IT / IS policy structure. In summary it’s a great way to show your customers your commitment to cyber security and ultimately keeping their data safe.”- Shark Finesse

“URM were super helpful and knowledgeable, talking and walking me through each one of the tests and providing some useful information on security and how to improve things in the future.”  

“Everything on the assess “We have been a partner with URM Consulting for many years. They offer a great service and are a team of real experts in all things cyber security.”ment day ran really smoothly which made achieving Cyber Essentials Plus a painless process. URM’s Pen tester was polite with all members of staff he engaged with so everyone was happy to take the time out of their day.”

“Having never gone through the Cyber Essentials Plus process on behalf of a client I was very impressed with how the process went on testing day and I cant wait to take other clients through the process with URM.”

“Cyber Essentials Plus was a great exercise for the business to go through as some gaps were found and URM provided valuable information on remediation.”

Why URM?

URM has been providing certification to the Cyber Essentials scheme for a number of years and has a large team of experienced, pragmatic assessors who are here to support you and guide you through the process.

Not only do we bring a wealth of cyber security knowledge, but also a wide and varied experience of all the leading cyber and information security standards.

As such, you can be assured that you are getting advice that is right for you and your organisation, taking into account your sector, size and the information you are looking to protect. Our large team of assessors also enables us to guarantee a super-fast turnaround.

Cyber Essentials

Whilst the process for completing the Cyber Essentials self-assessment questionnaire is relatively straightforward, a number of organisations find it useful to have some support in understanding the requirements, what the controls mean for them and how to address them.

If this is the case for your organisation, URM can support you through the process with its Cyber Essentials Application Review Service. With this service, you have 2 options. With the first one, URM’s assessor (via a Zoom or Teams call) can walk you through each question explaining the intent of each question so you know how to respond and you can then complete and submit the questionnaire yourself.

Alternatively, you can complete the questionnaire and then get the application checked with URM before you submit your final answers.

One of URM’s assessors (via a Zoom or Teams call) will walk through each of your question responses on a Teams/Zoom call and ensure you have interpreted the question correctly and have provided an accurate and appropriate responses which will meet the requirements of the scheme.

Whichever route you will take, you will have the reassurance and peace of mind you have completed the questionnaire accurately and the service will help to reduce the ‘toing and froing’ time involved in correcting a previous submission.

If interested in URM’ Review service, contact URM here. If, however, you are confident you have interpreted the questions correctly and are meeting the requirements of the scheme, you can simply submit your application.

Cyber Essentials Plus

In addition to the verification of the self-assessment questionnaire, Cyber Essentials Plus involves URM’s assessor conducting a technical audit of the systems that are in scope of the assessment.

It includes a review of a sample set of user devices, all Internet gateways and all servers accessible to Internet users.

The assessor will select a random sample of systems, typically around 10%. The Cyber Essentials Plus assessment also involves conducting an internal vulnerability test on your IT infrastructure, focusing on the security of workstations and mobile devices (including BYOD).

Through the external technical assessment of your systems, Cyber Essentials Plus certification provides a greater level of assurance compared to the self-assessed Cyber Essentials certification.

Benefits of Certification:

  • Reassure and demonstrate to customers that you take cyber security seriously
  • Be listed in the National Cyber Security directory
  • Attract new business with the assurance that you have cyber security measures in place
  • Meet prerequisite requirements for participation in government contracts
  • Entitled to receive £25,000 cyber insurance* - 24-hour helpline providing crisis management and incident response services
    *Applies to any organisation that achieves Cyber Essentials certification via an approved certification provider and where:

    • The entire organisation is certified
    • The organisation is domiciled in the UK
    • The organisation’s annual turnover is under £20m
    • The organisation opts-in to the insurance

What are the Benefits Attached to Gaining Cyber Essentials Certification?

In the process of achieving a Cyber Essentials certificate, your organisation is effectively protecting itself against approximately 80% of the most common cyber attacks.

This provides reassurance to your clients that you take cyber security seriously and have implemented a strong set of relevant controls and measures.

Cyber Essentials certification will also help you attract new business opportunities and will help you satisfy those public sector and Government contracts that require CE to be in place.

A very practical benefit for organisations certifying to Cyber Essentials is the cyber insurance cover that comes with the certificate.

If your organisation is domiciled in the UK with a turnover under £20m, a certification scope covering the whole of your organisation and you opt-in, you are entitled to Cyber Liability Insurance which gives you £25,000 limit of indemnity (terms apply).

Having achieved certification to Cyber Essentials, you will be listed on a directory of certificate organisations which is operated by IASME, the National Cyber Security Centre’s (NCSC’s) Cyber Essentials Partner, responsible for the delivery of the scheme.

How do You Achieve Cyber Essentials Certification?

In order to achieve Cyber Essentials certification, you will need to complete a self-assessment questionnaire. Certification bodies, such as URM Consulting, can provide you with access to a portal where you are required to answer a number of questions about your IT infrastructure.

If you have any queries, URM can provide you with advice on what is intended by the different questions. Once you have submitted your completed questionnaire, you will be notified through the portal whether you have passed or not.

A number of certification bodies quote that it can take up to 3 working days from the time you submit your assessment to find out whether you have passed.

However, URM strives to assess all applications within 24 hours of it being submitted and if you have a very tight deadline, there is an option for your assessment to be fast-tracked.

More about Cyber Essentials

Consultancy Services

About URM

Follow us on