Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on Transitioning to ISO 27001:2022 for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

Cyber Essentials Plus

Achieve Cyber Essentials and Cyber Essentials Plus certification with our team of qualified experts.

Cyber Essentials Plus Assessment

If you are looking to provide stakeholders with greater levels of assurance, you may decide to seek Cyber Essentials Plus certification.  This involves a URM assessor conducting a technical audit of the systems that are in scope of the assessment.  It includes a review of all Internet gateways and all servers accessible to Internet users, as well as a sample of user devices and internal servers accessible to employees.  You will need to complete your Cyber Essentials Plus audit within 3 months of your last Cyber Essentials basic certification.  Please use the form below to register your interest and you will be contacted by URM to discuss your systems and devices in scope and other requirements, following which you will receive a quotation. Select 'Cyber Essentials Plus audit' in the form. The cost of a Cyber Essentials Plus assessment will depend on the size and complexity of your network.

Stages of assessment

Your Cyber Essentials Plus assessment comprises 2 basic stages.  The first is an external vulnerability scan of your Internet-facing IP addresses to ensure that no misconfigurations or vulnerabilities can be identified.

The second stage involves testing of a sample (up to a maximum of 5 samples per operating system edition) of end-user devices (workstations and mobile devices including BYOD) and servers to assess if they are configured as per the requirements of the Scheme.

Multiple activities are performed during the second stage as applicable to each sample:

  • An authenticated vulnerability scan is performed on these devices to confirm that patching and basic configuration is at an acceptable level.  
  • A test is conducted on your email client and Internet browsers to confirm how well they are configured in order to prevent execution of unsigned or malicious files.
  • The antimalware solution in use is reviewed to make sure it’s updated in line with vendor recommendations.
  • Account separation is tested to make sure users are not using administrative accounts for their day to day activities.
  • A test is conducted on the cloud services in use by the organisation to make sure MFA is enabled for users and administrators of these services.

Once the assessment has been conducted, URM’s assessor will discuss the findings with you ahead of submitting their report to the portal to ensure there has been no misunderstanding.

Cyber Essentials Plus pre-assessment service

A Cyber Essentials Plus (CE+) assessment involves a technical assessment by a URM assessor of your organisation’s external infrastructure as well as end-user devices and servers.  There are several issues that can cause a CE+ assessment to result in a ‘fail’ such as a service on the external infrastructure that exposes non-public data, the presence of an unsupported software installed on a server or user workstation, the lack of multi-factor authentication (MFA) to access a cloud service or the use of administrative users as a day-to-day user account.  

If an organisation fails the CE+ assessment, it has up to 30 days* to purchase another CE+ assessment and pass, before it must repeat both the basic CE and the CE+ assessment in order to obtain the CE+  certification.

The Cyber Essentials Plus Pre-Assessment service from URM allows your organisation to perform a technical pre-assessment on a smaller, but still significant set of systems.  This will enable you to identify any issues that may cause a ‘fail’ for the CE+ certification, without triggering the 30 days’ time limit and, typically, at a lower cost than a full assessment.  Following the pre-assessment, you will receive recommendations to close any gaps with the CE+ requirements, significantly increasing the chances to successfully obtain the CE+ certification.  URM is so confident of the value of the pre-assessment service that, if for any reason you don’t pass the official CE+ assessment at the first attempt, we will provide you with a free re-attempt to get certified!

* It may be less if the 30 days go beyond the 3 months period that an organisation has to pass the CE+ certification after obtaining the basic CE certification.

Get Your Cyber Essentials Plus Certificate

Support request

If you are interested in URM’s support, please specify the subject in the form below.

Please note, we can only process business email addresses.

Why URM?

As an accredited certification body, URM has an unrivalled record in assisting organisations of all sizes achieve certification to Cyber Essentials and Cyber Essentials Plus. URM is also an accredited Assured Service Provider under the NCSC Cyber Advisor scheme  and  has a large team of experienced, pragmatic assessors who are here to support you and guide you through the process.

Not only do we bring a wealth of cyber security knowledge, but also a wide and varied experience of all the leading cyber and information security standards.

As such, you can be assured that you are getting advice that is right for you and your organisation, taking into account your sector, size and the information you are looking to protect. Our large team of assessors also enables us to guarantee a super-fast turnaround.

Information Security FAQISO 27001 FAQ

Cyber Essentials – What’s Changing in 2025?

Published on
14/11/2024

URM’s blog discusses upcoming changes to Cyber Essentials, including the changes seen in the Willow Question Set and how they may impact your organisation.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
12/7/2024
Access Control, Administrative Accounts and Password-Based Authentication in the Cyber Essentials SAQ

URM’s blog offers advice on answering questions in the Cyber Essentials SAQ which relate to access control, admin accounts and authentication methods.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
4/4/2024
I’ve Got my Cyber Essentials - Now What?

URM’s blog discusses the best next steps your organisation can take following Cyber Essentials certification to further enhance its security posture.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
15/3/2024
Common Cyber Essentials Challenges and how to Overcome Them

URM’s blog discusses common issues we see with Cyber Essentials and Cyber Essentials Plus certification projects, and how you can avoid making the same mistakes

Read more
"
Without doubt, URM helped us to achieve our planned objectives a lot sooner than expected. The engagement was a huge success and couldn’t have gone any better.
Group IT Director, UK Mail
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.