Are Your Customers Cyber Essentials Certified?

Row curve

Distology Cyber Essentials Campaign FAQs


What is the certification?

Cyber Essentials represents the government’s minimum baseline standard for Cyber Security in the UK.
There are two levels to Cyber Essentials:

  • Cyber Essentials Plus starts with the Cyber Essentials verified self-assessment questionnaire but also includes a technical audit of the organisation’s systems to verify that the Cyber Essentials controls are in place. The audit includes an internal and external vulnerability scan and then focuses on a random selection of user devices, all internet gateways and all servers which are accessible to internet users. The assessor will test a random sample of these systems (typically around 10 per cent) and then decide whether further testing is needed
  • The controls for Cyber Essentials and Cyber Essentials Plus are the same, but the level of assurance is different. Cyber Essentials Plus offers a higher level of assurance as the controls have been checked by a third party to ensure they are correctly implemented


Who needs to be certified?

Anyone bidding for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services will require Cyber Essentials Certification. More information is available on the website.


When do companies need to be certified?

Companies need to renew their certificates annually as they expire after twelve months. Cyber Essentials will remove companies from their certified organisation list if they are not certified within twelve months of their last certificate.

The government made significant updates to the technical requirements of Cyber Essentials in January 2022. One of the most important of those was to ensure end users have MFA in place, this will be marked for compliance from January 2023. More information can be found here: The January changes to the Cyber Essentials scheme reflect the changing cyber threats in today’s digital environment – Iasme


How do organisations get certified?

  • Cyber Essentials is a verified self-assessment which costs between £300 and £500 PA depending on the size of the organisation
  • In order to be Cyber Essentials Plus certified, organisations must be verified by one of a number of certification bodies that are trained and licensed to do the Cyber Essentials Plus audit for you. The cost will depend on the size and complexity of your network. More info: Cyber Essentials Plus Get a Quote – Iasme


Why should organisations care about this certification?

  • Reassure customers that you are working to secure your IT against cyber attack
  • Attract new business with the assurance you have cybersecurity measures in place
  • Create a clear picture of your organisation’s cybersecurity level
  • Qualify to bid for select government contracts

Want to Engage Your Customers?

The UK government are constantly reviewing the Cyber Essentials standards to ensure they’re up to date with the latest cyber security trends. The most recent changes were released in January 2022 and of those, implementing multi-factor authentication (MFA) was a key requirement. This is a great opportunity to open up wider conversations with your customers around their Identity and Access Management strategy. Distology and our vendors can support you in this conversation so download our one-pager and speak with one of our Workspace experts today!