Cyber Essentials Certification

The Cyber Essentials scheme is a simple yet effective, Government backed framework that will help protect your organisation against a range of the most common Internet-based cyber attacks.

It provides a cyber security certification scheme that was developed as a part of the UK Government’s National Cyber Security Strategy.

The Cyber Essentials scheme specifies the (5) basic control areas that all organisations should address in order to mitigate the risk from common cyber threats and demonstrate a clear commitment to improving their approach to cyber security.

The controls are based on research conducted, which demonstrated that the majority of breaches occur as a result of a weakness in one or more of 5 key areas. These 5 areas, described below, form the basis of the Cyber Essentials controls.

The 5 Technical Control Areas

access control, essentials, cyber essentials, define certification, cyber security essentials, cyber essentilas plus, cyber essentials controls

Access control

Making sure that only those people who need access to specific information in your organisation have it and ensuring that this is monitored and checked regularly.

Secure Configuration, essentials, cyber essentials, define certification, cyber security essentials, cyber essentilas plus

Secure Configuration

Choosing and applying the most secure settings for all of your devices and software by changing passwords and removing unused accounts and software.

Software Updates, cyber essentials certification, cyber essentials scheme, cyber essentials controls

Software Updates

Ensuring that your software and operating systems are regularly checked and updated with the latest patches to protect against vulnerabilities.

Malware Protection, cyber essentials certification, cyber essentials controls

Malware Protection

Reducing the likelihood of being infected by some form of malware including computer viruses, worms, spyware, botnet software and ransomware, by ensuring that you have correctly configured anti-malware software which only allows trusted applications.

Firewall and Routers, cyber essentials controls, cyber essentials scheme

Firewall and Routers

Creating a ‘buffer zone’ to allow you to analyse traffic looking to gain access to your network to establish whether or not it should be allowed.

From 01 April 2020, the IASME Consortium (IASME) officially became the sole National Cyber Security Centre (NCSC), a part of GCHQ, Cyber Essentials Partner and URM is delighted to have been assessed and confirmed as a certification body (CB). The scheme offers two levels of certification.

Your Certification Options:

Cyber Essentials

An independently verified self-assessment. An online self- assessment questionnaire to be completed by the organisation and then assessed by URM.

Cyber Essentials Plus

Cyber Essentials Plus does not involve any additional controls, but a more robust examination to ensure that your IT infrastructure is secure and the cyber solutions you have in place comply with the requirements of the cyber assessment.

What People Say About Us:

“URM were super helpful and knowledgeable, talking and walking me through each one of the tests and providing some useful information on security and how to improve things in the future.”


“Everything on the assessment day ran really smoothly which made achieving Cyber Essentials Plus a painless process. URM’s Pen tester was polite with all members of staff he engaged with so everyone was happy to take the time out of their day.”


“Having never gone through the Cyber Essentials Plus process on behalf of a client I was very impressed with how the process went on testing day and I cant wait to take other clients through the process with URM.”


“Cyber Essentials Plus was a great exercise for the business to go through as some gaps were found and URM provided valuable information on remediation.”

Why URM?

URM has been providing certification to the cyber essentials scheme for a number of years and has a large team of experienced, pragmatic assessors who are here to support you and guide you through the process. 

Not only do we bring a wealth of cyber security knowledge, but also a wide and varied experience of all the leading cyber and information security standards. 

As such, you can be assured that you are getting advice that is right for you and your organisation, taking into account your sector, size and the information you are looking to protect.

In addition, our large team of assessors enables us to guarantee a super-fast turnaround.

In addition to the verification of the self-assessment questionnaire, Cyber Essentials Plus involves a technical audit of the systems that are in-scope of the assessment. It includes a review of a sample set of user devices, all Internet gateways and all servers accessible to Internet users.

The assessor will select a random sample of systems, typically around 10%. It also involves conducting an internal vulnerability test on your IT infrastructure, focusing on the security of workstations and mobile devices (including BYOD). Cyber Essentials Plus provides a greater level of assurance than the self-assessed level.

Although implementing Cyber Essentials is relatively straightforward, some organisations may need help in understanding what the controls mean for them and how to address them.

If this is the case for your organisation, URM can support you through the process and help you achieve certification. URM has a large team of qualified assessors and is able to provide you with independent support and verification by different assessors.

Benefits of Certification:

  • Reassure and demonstrate to customers that you take cyber security seriously
  • Be listed in the National Cyber Security directory
  • Attract new business with the assurance that you have cyber security measures in place
  • Meet prerequisite requirements for participation in government contracts
  • Entitled to receive £25,000 cyber insurance* - 24-hour helpline providing crisis management and incident response services
    *Applies to any organisation that achieves Cyber Essentials certification via an approved certification provider and where:

    • The entire organisation is certified
    • The organisation is domiciled in the UK
    • The organisation’s annual turnover is under £20m
    • The organisation opts-in to the insurance

More about Cyber Essentials

Consultancy Services

About URM

URM is dedicated to providing high quality, cost-effective and tailored consultancy and training in the areas of information security, data protection, business continuity and risk management.

Our office is open 08:00 – 17:30 Monday to Friday.

Phone : +44 (0)118 206 5410

Follow us on