Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

Cyber Essentials Plus

Achieve Cyber Essentials and Cyber Essentials Plus certification with our team of qualified experts.

Speak to a certified advisor

URM is an accredited Assured Service Provider under the NCSC Cyber Advisor scheme. We are able to provide you with practical, cost effective and reliable advice to improve your cyber security and achieve  ‘Cyber Essentials’ and ‘Cyber Essentials Plus’ certifications.

Speak to one of our experts for more information on how we can help you certify. Simply call 0118 206 5410 or request a call back using the form below.

Cyber Essentials Plus Assessment

If you are looking to provide stakeholders with greater levels of assurance, you may decide to seek Cyber Essentials Plus certification.  This involves a URM assessor conducting a technical audit of the systems that are in scope of the assessment.  It includes a review of all Internet gateways and all servers accessible to Internet users, as well as a sample of user devices and internal servers accessible to employees.  You will need to complete your Cyber Essentials Plus audit within 3 months of your last Cyber Essentials basic certification.  Please use the form below to register your interest and you will be contacted by URM to discuss your systems and devices in scope and other requirements, following which you will receive a quotation. Select 'Cyber Essentials Plus audit' in the form. The cost of a Cyber Essentials Plus assessment will depend on the size and complexity of your network.

Stages of assessment

Your Cyber Essentials Plus assessment comprises 2 basic stages.  The first is an external vulnerability scan of your Internet-facing IP addresses to ensure that no misconfigurations or vulnerabilities can be identified.

The second stage involves testing of a sample (up to a maximum of 5 samples per operating system edition) of end-user devices (workstations and mobile devices including BYOD) and servers to assess if they are configured as per the requirements of the Scheme.

Multiple activities are performed during the second stage as applicable to each sample:

  • An authenticated vulnerability scan is performed on these devices to confirm that patching and basic configuration is at an acceptable level.  
  • A test is conducted on your email client and Internet browsers to confirm how well they are configured in order to prevent execution of unsigned or malicious files.
  • The antimalware solution in use is reviewed to make sure it’s updated in line with vendor recommendations.
  • Account separation is tested to make sure users are not using administrative accounts for their day to day activities.
  • A test is conducted on the cloud services in use by the organisation to make sure MFA is enabled for users and administrators of these services.

Once the assessment has been conducted, URM’s assessor will discuss the findings with you ahead of submitting their report to the portal to ensure there has been no misunderstanding.

Cyber Essentials Plus pre-assessment service

A Cyber Essentials Plus (CE+) assessment involves a technical assessment by a URM assessor of your organisation’s external infrastructure as well as end-user devices and servers.  There are several issues that can cause a CE+ assessment to result in a ‘fail’ such as a service on the external infrastructure that exposes non-public data, the presence of an unsupported software installed on a server or user workstation, the lack of multi-factor authentication (MFA) to access a cloud service or the use of administrative users as a day-to-day user account.  

If an organisation fails the CE+ assessment, it has up to 30 days* to purchase another CE+ assessment and pass, before it must repeat both the basic CE and the CE+ assessment in order to obtain the CE+  certification.

The Cyber Essentials Plus Pre-Assessment service from URM allows your organisation to perform a technical pre-assessment on a smaller, but still significant set of systems.  This will enable you to identify any issues that may cause a ‘fail’ for the CE+ certification, without triggering the 30 days’ time limit and, typically, at a lower cost than a full assessment.  Following the pre-assessment, you will receive recommendations to close any gaps with the CE+ requirements, significantly increasing the chances to successfully obtain the CE+ certification.  URM is so confident of the value of the pre-assessment service that, if for any reason you don’t pass the official CE+ assessment at the first attempt, we will provide you with a free re-attempt to get certified!

* It may be less if the 30 days go beyond the 3 months period that an organisation has to pass the CE+ certification after obtaining the basic CE certification.

Get Your Cyber Essentials Plus Certificate

URM’s in-depth knowledge of cybersecurity best practices and the Cyber Essentials framework helped us strengthen both ours and our client’s security posture while ensuring full compliance. Their consultants were professional, approachable, and incredibly thorough, offering practical advice tailored to the specific needs. The Cyber Essentials Plus assessment was conducted with great efficiency, and URM’s supportive approach meant we felt well-prepared at every stage. Thanks to their expertise, we successfully achieved certification for us and our clients, giving us (and our clients) greater confidence in our cybersecurity resilience.
IT support company

Client Feedback

Trainer:
/
5
Course:
/
5
It is the calibre of its consultants, be they risk managers, penetration testers, GDPR specialists, Cyber Essentials assessors, ISO 27001 implementers and auditors, combined with its Abriska risk management software, that sets URM apart from its competitors.
Brand distributor

Support request

If you are interested in URM’s support, please specify the subject in the form below.

Please note, we can only process business email addresses.

Why URM?

As an accredited certification body, URM has an unrivalled record in assisting organisations of all sizes achieve certification to Cyber Essentials and Cyber Essentials Plus. URM is also an accredited Assured Service Provider under the NCSC Cyber Advisor scheme  and  has a large team of experienced, pragmatic assessors who are here to support you and guide you through the process.

Not only do we bring a wealth of cyber security knowledge, but also a wide and varied experience of all the leading cyber and information security standards.

As such, you can be assured that you are getting advice that is right for you and your organisation, taking into account your sector, size and the information you are looking to protect. Our large team of assessors also enables us to guarantee a super-fast turnaround.

We highly recommend URM to any business looking to achieve Cyber Essentials or Cyber Essentials Plus certification—their expertise and customer service are second to none!
IT support company
Information Security FAQISO 27001 FAQ
URM consulting were fantastic to work with. Their expert support and friendly efficiency made achieving our Cyber Essentials Plus accreditation smooth and stress-free. It's reassuring to know that we have a reliable local consultancy that we can count on for ongoing support.
Technology consultancy

Understanding Defence Cyber Certification (DCC)

Published on
14/8/2025

URM’s blog explains what DCC is, how compliance with the scheme and the process to certification work, and the benefits to obtaining certification.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
5/8/2025
Critical Cyber Security Practices to Defend Against Ransomware Attacks

URM’s blog examines how ransomware occur, and highlights practical cyber security measures you can implement to reduce your exposure and mitigate security risk.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
11/7/2025
Supplementing Cyber Essentials

URM’s blog outlines the practical measures you can take following Cyber Essentials certification to further enhance your information & cyber security posture.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
16/6/2025
Lexcel: Deconstructing Your Information Management and Security Policy

URM explains each control law firms must include in an information management and security policy that complies with the Lexcel Practice Management Standard.

Read more
"
We were incredibly impressed with our consultant’s attention to detail during the reworking of many documents and the in-year assessment last month. He stood up and had his finger on the pulse and was a great help. He is liked by our team, and we look forward to a long working relationship with him.
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.