The first thing you need to do to achieve Cyber Essentials Plus certification is to gain Cyber Essentials certification.
You will then be audited (either remotely or on-site) by a certification body, such as URM Consulting. If the audit reveals no gaps, you will be awarded the Cyber Essentials Plus certification.
If there are gaps identified, you will have 15 days to fix them and go through the assessment again. If you do not pass this time, you will need to make a fresh application and pay for it again.

Supplementing Cyber Essentials
URM’s blog outlines the practical measures you can take following Cyber Essentials certification to further enhance your information & cyber security posture.

URM’s blog explores how Cyber Essentials can help your legal practice enhance its security posture and achieve/maintain its SQM or Lexcel accreditation.

URM’s blog answers key questions about CE, focusing specifically on its technical requirements, use of BYOD, and how the scheme may change in the future.

URM explains each control law firms must include in an information management and security policy that complies with the Lexcel Practice Management Standard.