How does Cyber Essentials differ from ISO 27001?

ISO 27001 adopts a more holistic approach and is focused on the development, implementation and continual improvement of an information security management system (ISMS).

Adopting a risk-based approach, ISO 27001 considers threats to all of its information assets in whatever form, i.e. paper, information systems or digital media.

When certifying to ISO 27001, you need to provide the assessor with evidence that you are meeting all the mandatory elements of the management system e.g. understanding the organisation, demonstrating leadership commitment, conducting risk assessments and treatment, evaluating performance and continually improving.

The controls you implement are dictated by your risk assessment. Cyber Essentials on the other hand is a ‘snapshot in time’ assessment, where the focus is on protecting data and programs on networks, computers, servers and other elements of IT infrastructure, from cyber threats.

There is no risk assessment involved and all the security measures set out by the NCSC must be in place at the time of the certification assessment. The same applies to Cyber Essentials Plus.

Cyber security has never been higher on our agenda. We’re very pleased to have gained our Cyber Essentials Plus Certification. We are committed to providing the most secure and robust solutions to our customers and partners. This certification helps to demonstrate this commitment – through independent vulnerability testing and to test the awareness of information security across our teams. We’re very pleased with the support and expertise provided by URM.
Speech recognition software provider
Apply for Cyber Essentials certificationApply for Cyber Essentials Plus

Supplementing Cyber Essentials

Published on
31 Jul
2025

URM’s blog outlines the practical measures you can take following Cyber Essentials certification to further enhance your information & cyber security posture.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
3/7/2025
Understanding Lexcel and the Specialist Quality Mark (SQM): How Cyber Essentials Can Benefit Your Practice

URM’s blog explores how Cyber Essentials can help your legal practice enhance its security posture and achieve/maintain its SQM or Lexcel accreditation.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
26/6/2025
Cyber Essentials Questions Answered: Technical Requirements, BYOD Compliance and the Future of the Scheme

URM’s blog answers key questions about CE, focusing specifically on its technical requirements, use of BYOD, and how the scheme may change in the future.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
16/6/2025
Lexcel: Deconstructing Your Information Management and Security Policy

URM explains each control law firms must include in an information management and security policy that complies with the Lexcel Practice Management Standard.

Read more
"
We are delighted to partner with URM Consulting on a wide range of information and cyber security projects and service solutions. Working with URM Consulting has proved to be extremely successful, with them consulting / advising clients and then utilising our SMART Services. These are specifically aimed at supporting organisations to achieve Detection, Compliance & Response (DCR) to support Digital Transformation outcomes. In addition, we have achieved Cyber Essentials certification with URM and are now partnering on ISO 27001 and Cyber Essentials Plus projects. We have been impressed by the breadth of URM’s governance, risk, compliance and technical expertise along with their holistic, pragmatic and tailored advice.
Specialised Managed Service Partner
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.