Why choose Bulletproof as your Cyber Essentials partner?

Flexible Packages

Flexible Packages

Only pay for what you need, thanks to our packages of tiered service and support.

CREST Certified

CREST Certified

Our knowledgeable consultants are certified by CREST, making them experts in Cyber Essentials.

Pass First Time

Pass First Time

Our gap analysis report easily highlights everything you need to do to pass certification first time.

Grow Your Business

Grow Your Business

Cyber Essentials is increasingly becoming a minimum requirement for both B2B and B2C sales.


Backup Systems Ltd. Logo

Bulletproof demonstrated their expertise from day one, and thanks to their insight we passed Cyber Essentials first time. With our 10-year history of keeping customer data secure, the Cyber Essentials scheme adds further confidence and value to Backup Systems offerings.


Christopher Blewitt  IT Support Technician, Backup Systems Ltd


What’s involved in Cyber Essentials certification?

With over 80% of UK businesses vulnerable to avoidable security threats, the Cyber Essentials framework has been designed as a strong security baseline for every business in every industry. Mapping against five simple key controls means it’s easy to achieve Cyber Essentials certification with the right help. Certification includes:

  • External vulnerability scan
  • Shared service assessment
  • Simple questionnaire
  • Internal vulnerability scan (Plus only)
  • Workstation assessment (Plus only)

Find the right Cyber Essentials Package for your business

Cyber Essentials
Self-Assessment Remote Help On-site Support
Suitable for Businesses with a high degree of information security knowledge Businesses with some understanding of information security Businesses with no foundation in information security
Support Materials only Remote On-site
Included
  • Questionnaire
  • External vulnerability scan 1
  • Cyber Essentials results report
  • Certification
  • 2 free retests
  • Questionnaire
  • External vulnerability scan 1
  • Consultant-led advice at all stages
  • Cyber Essentials results report
  • Certification
  • 2 free retests
  • On-site support 2
  • Gap analysis Report
  • Consultant-led advice at all stages
  • Questionnaire
  • External vulnerability scan 1
  • Cyber Essentials results report
  • Certification
  • 2 free retests
Price £295 £555 £1,295
Cyber Essentials Plus
Self-Assessment Remote Help On-site Support
Suitable for Businesses with a high degree of information security knowledge Businesses with some understanding of information security Businesses with no foundation in information security
Support Materials only Remote On-site
Included
  • Questionnaire
  • External vulnerability scan 1
  • Internal vulnerability scan
  • Workstation assessment 3
  • Cyber Essentials results report
  • Certification
  • 2 free retests
  • Questionnaire
  • External vulnerability scan 1
  • Internal vulnerability scan (on-site)
  • Workstation assessment 3
  • Consultant-led advice at all stages
  • Cyber Essentials results report
  • Certification
  • 2 free retests
  • On-site support 2
  • Gap analysis Report
  • Questionnaire
  • External vulnerability scan 1
  • Internal vulnerability scan
  • Workstation assessment 3
  • Consultant-led advice at all stages
  • Cyber Essentials results report
  • Certification
  • 2 free retests
Price £1,395 £1,645 £2,345
  • 1 Up to 10 IP addresses
  • 2 On-site support limited to 1 day. Additional on-site days are available and chargeable at our standard rate.
  • 3 Up to 10 device builds

Get in touch today

Submit your requirements via the form below and we'll be in touch to help you gain your Cyber Essentials certification first time.

By submitting this form, I agree to the Bulletproof privacy policy.


Frequently asked questions

What are the five key technical controls of Cyber Essentials/Cyber Essentials Plus?

Cyber Essentials looks at five key areas of cyber security to ensure your business is operating to strong security standards. These areas are:

  • Firewalls
  • Patch Management
  • Secure Configuration
  • Malware Protection
  • Access Control

What’s the difference between Cyber Essentials and Cyber Essentials Plus?

A Cyber Essentials assessment consists of an external vulnerability scan, a cloud/shared service assessment and a questionnaire. Cyber Essentials Plus goes a step further to also include a workstation assessment and an internal vulnerability scan. Since much of the requirement is common to both standards, we recommend achieving Cyber Essentials Plus certification.

Does my business have to achieve Cyber Essentials before it achieves Cyber Essentials Plus?

Businesses can choose to go straight to Plus certification without first gaining standard Cyber Essentials Certification. However, Bulletproof strongly recommended achieving standard Cyber Essentials first as a way of preparing for the PLUS certification.

What should the scope of the assessment be?

The scope of a Cyber Essentials assessment must include all internet-facing systems and physical locations. For Cyber Essentials Plus, the scope also includes internal assets. Your scope will be agreed with your consultants before your assessment gets underway.

Do you need to test all the workstations in a business for Cyber Essentials Plus?

If all your workstations are from a common build, we only need to undertake sample-based testing. However, if your organisation has multiple build types and you support BYOD (Bring Your Own Device), then each one will require testing individually.

I have ISO 27001, do I still need Cyber Essentials?

Yes. Cyber Essentials focusses on fundamental IT controls, whereas ISO 27001 takes a more holistic approach, incorporating policies and procedures. As ISO 27001 is much more involved, you’ll find it easier to obtain Cyber Essentials/Cyber Essentials Plus certification if you’re already ISO 27001 compliant. We recommend achieving Cyber Essentials in addition to ISO 27001 as it demonstrates your commitment good security practices, and some business/customers may only look for your Cyber Essentials certification, or not understand the difference between Cyber Essentials and ISO 27001.

  • Bulletproof are CREST approved

    CREST approved

  • Bulletproof are ISO 27001 and 9001 certified

    ISO 27001 and 9001 certified

  • Bulletproof are Tigerscheme qualified testers

    Tigerscheme qualified testers

  • Bulletproof are a PCI DSS v3.2 Level 1 service provider

    PCI DSS v3.2 Level 1
    service provider

  • Bulletproof have 24/7 on-site Security Operations Centre

    24/7 on-site Security
    Operations Centre