Cyber Essentials PLUS Self-Managed

An assessment only route for organisations that already hold a valid CE certificate and now require the formal CE+ assessment.

This offering includes the CE+ assessment only.  It includes 1 retest in line with NCSC guidance and the Danzell remediation process.

It includes the required assessment prerequisites and instructions but excludes a CE offering, a scope verification workshop, any pre-assessment activity, advisory time, and access to the Abriska CE+ module.  The Abriska CE+ module provides monthly compliance scans alongside CE+ preparation and remediation scans.

This offering is available only to organisations that already hold a valid CE certificate and includes the mandatory Technical Scope Verification (TSV).  The purpose of the TSV process is to confirm that the declared CE scope matches the actual activities.

Technical Scope Verification (TSV)

In most cases, the TSV is conducted separately and must be passed at least 7 working days before the CE+ assessment start date.  This reduces the risk of booking assessment time that cannot be used if issues are identified with the declared scope.

If the TSV identifies issues that prevent the assessment from proceeding, you may need to revisit your CE scope and, in some cases, carry out a new CE assessment before continuing with CE+.

For some small or micro-organisations (e.g., where the entire organisation is in scope and only a very small number of devices are involved) it may be possible to agree that the TSV is performed at the start of the CE+ assessment rather than as a separate activity in advance.*

* Performing the TSV at the start of the CE+ assessment may reduce cost and administrative effort, but it increases risk. If issues are identified that cannot be immediately resolved, the CE+ assessment time will need to be either repositioned as advisory activity or postponed, and postponement charges will apply. By choosing this option, you acknowledge that passing the TSV is a prerequisite for proceeding with the formal CE+ assessment and that this approach carries a higher risk.

Retests

If the TSV passes but the CE+ assessment identifies failing items, you may book 1 retest in line with the Danzell scheme’s remediation process.

A 2^nd sample set must be selected for the retest.  If the same vulnerabilities are identified in the retest, your CE certificate will be revoked in accordance with scheme rules.

To reduce this risk and to follow the smoothest path to CE and CE+ certification, it is strongly recommended that you consider the Cyber Essentials PLUS Assured offering. This is designed to identify and address potential issues earlier in the certification process.

Why URM?

As an accredited certification body, URM has an unrivalled record in assisting organisations of all sizes achieve certification to Cyber Essentials and Cyber Essentials Plus. URM is also an accredited Assured Service Provider under the NCSC Cyber Advisor scheme  and  has a large team of experienced, pragmatic assessors who are here to support you and guide you through the process.

Not only do we bring a wealth of cyber security knowledge, but also a wide and varied experience of all the leading cyber and information security standards.

As such, you can be assured that you are getting advice that is right for you and your organisation, taking into account your sector, size and the information you are looking to protect. Our large team of assessors also enables us to guarantee a super-fast turnaround.

‍