How does Cyber Essentials differ from ISO 27001?

ISO 27001 adopts a more holistic approach and is focused on the development, implementation and continual improvement of an information security management system (ISMS).

Adopting a risk-based approach, ISO 27001 considers threats to all of its information assets in whatever form, i.e. paper, information systems or digital media.

When certifying to ISO 27001, you need to provide the assessor with evidence that you are meeting all the mandatory elements of the management system e.g. understanding the organisation, demonstrating leadership commitment, conducting risk assessments and treatment, evaluating performance and continually improving.

The controls you implement are dictated by your risk assessment. Cyber Essentials on the other hand is a ‘snapshot in time’ assessment, where the focus is on protecting data and programs on networks, computers, servers and other elements of IT infrastructure, from cyber threats.

There is no risk assessment involved and all the security measures set out by the NCSC must be in place at the time of the certification assessment. The same applies to Cyber Essentials Plus.

Cyber Essentials has provided a very good base level for our cyber security and has had wide-ranging impact across systems and environments.
Charity
Apply for Cyber Essentials certificationApply for Cyber Essentials Plus

Cyber Essentials Questions Answered: Technical Requirements, BYOD Compliance and the Future of the Scheme

Published on
5 Jun
2026

URM’s blog answers key questions about CE, focusing specifically on its technical requirements, use of BYOD, and how the scheme may change in the future.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
5/6/2026
Complying with Cyber Essentials and Cyber Essentials Plus

URM’s blog answers key technical questions about Cyber Essentials and Cyber Essentials Plus, what’s in scope, CE compliant use of BYOD, and more.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
5/6/2026
Cyber Essentials – What’s Changing in 2025?

URM’s blog discusses upcoming changes to Cyber Essentials, including the changes seen in the Willow Question Set and how they may impact your organisation.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
5/6/2026
Access Control, Administrative Accounts and Password-Based Authentication in the Cyber Essentials SAQ

URM’s blog offers advice on answering questions in the Cyber Essentials SAQ which relate to access control, admin accounts and authentication methods.

Read more
"
We want to pass on our thanks to our URM assessor for helping us with the assessment. He made it really very straightforward for us during the remote sessions and during the follow ups to understand what we needed to do to remediate the issues and obtain the certification. He understood our setup and gave us relevant advice, it was a pleasure working with him.
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.