Why choose Bulletproof as your Cyber Essentials Assessor?
Flexible Packages
Only pay for what you need, thanks to our packages of tiered service and support.
Certification Body
Our knowledgeable consultants are certified Cyber Essentials and Cyber Essentials Plus Assessors.
Enhanced Security
Protect your business against the most common cyber-attacks with Government-backed certification.
Grow Your Business
Cyber Essentials is a minimum requirement to work with the UK government, with Cyber Essentials Plus necessary for the Ministry of Defence.
Bulletproof demonstrated their expertise from day one, and thanks to their insight we passed Cyber Essentials first time. With our 10-year history of keeping customer data secure, the Cyber Essentials scheme adds further confidence and value to Backup Systems offerings.
Christopher Blewitt Infrastructure Team Lead, Backup Systems Ltd.
B2 was invited to tender for a large Government contract and we needed to be Cyber Essentials certified. Bulletproof’s experienced team guided us through the process, taking us from not knowing what this was through to full Cyber Essentials certification. We’re pleased to say that we won the tender and are now in a position to follow up more Government and large business contracts.
Jeremy Boyce Owner, B2 Live Events
We recently undertook our Cyber Essentials Plus renewal with Bulletproof as they were recommended to us.
Communication was fast and reliable, making the certification process simple, whilst still remaining comprehensive and ensuring full compliance.
Olivia Crouch Head of IT, Total Security
We sought to renew our Cyber Essentials accreditation but had concerns regarding the status of our previous assessor so were forced to seek a new partner. After looking at several options we chose Bulletproof and are very pleased with that choice. The entire process, and in particular the quality of communications and assistance, has been thorough and of a high standard. I am happy to recommend Bulletproof and look forward to continuing our Cyber Essentials journey towards the ‘Plus’ certification with them in the coming years.
Paul Farr IT Manager, Healthcare Financial Management Association
Find the right Cyber Essentials Solution
As a Cyber Essentials Certification Body, we offer the right level of support to ease your journey to achieving your certification.
| Most Popular | Self-Assessment | Remote Help | On-site Support |
|---|---|---|---|
| Suitable for | Businesses with a high degree of information security knowledge | Businesses with some understanding of information security | Businesses with no foundation in information security |
| Support | Materials only | Remote | On-site |
| Included |
|
|
|
| Cost | £295* (ex VAT) | £595* (ex VAT) | £1,495* (ex VAT) |
| EnquireorBuy Now | EnquireorBuy Now | EnquireorBuy Now |
- *Cyber Essentials certificate is valued at £295 total of package cost.
- 1 Free cyber insurance available to UK companies with a turnover of less than £20M.
- 2 Remote support limited to ½ day via telephone, email or video conferencing. Additional days are available at our standard rate.
- 3 On-site support limited to 1 day. Additional on-site days are available and chargeable at our standard rate.
Please note, to complete Cyber Essentials Plus, companies must have gained the basic Cyber Essentials certification within the last 90 days.
| Most Popular | Audit Only | Remote Help | On-site Support |
|---|---|---|---|
| Suitable for | Businesses with a high degree of information security knowledge | Businesses with some understanding of information security | Businesses with no foundation in information security |
| Support | Materials only | Remote | On-site |
| Included |
|
|
|
| Cost | £1,495 (ex VAT) | £1,995 (ex VAT) | £2,495 (ex VAT) |
| Enquire | Enquire | Enquire |
- 1 Free cyber insurance available to UK companies with a turnover of less than £20M.
- 2 Remote support limited to ½ day via telephone, email or video conferencing. Additional days are available at our standard rate.
- 3 On-site support limited to 1 day. Additional on-site days are available and chargeable at our standard rate.
- 4 Up to 10 IP addresses.
- 5 Up to 10 workstations (device builds).
What’s involved in Cyber Essentials certification?
With over 80% of UK businesses vulnerable to avoidable security threats, the Cyber Essentials framework has been designed as a strong security baseline for every business in every industry. Mapping against five simple technical controls means it’s easy to achieve Cyber Essentials certification. These include:
- Access control
- Firewalls and routers
- Malware protection
- Secure configuration
- Software updates
Download Cyber Essentials requirements
Download the IASME Cyber Essentials Checklist (last updated on 10/07/21). These questions are for information only.
Get a quote today
Submit your requirements via the form below and we'll be in touch to help you gain your Cyber Essentials certification.
Cyber Essentials FAQ
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
Both Cyber Essentials and Cyber Essentials Plus demonstrate that your organisation is taking cyber security seriously and has the five technical controls in place.
Cyber Essentials is an independently verified self-assessment questionnaire. If you have 2 or fewer major non-conformances, you pass.
Cyber Essentials Plus is the next step after Cyber Essentials. It can be thought of as an independent verification of everything that was claimed in Cyber Essentials. This extra level of scrutiny means your Cyber Essentials Plus badge will hold more weight with potential customers.
Whilst Cyber Essentials Plus is the more expensive of the two, it is held in higher regard and much of the work is done by the Certification Body. If you feel a bit overwhelmed and don’t know where to start, don’t worry – we have a range of packages to help you through the process.
What is covered in Cyber Essentials?
The Cyber Essentials checklist takes the form of five technical controls which are easy to implement and designed to guard against cyber threats.
- Firewall & routers
To achieve Cyber Essentials or Cyber Essentials Plus you need to have a firewall. More than that, you need to be using it correctly. It needs to be applied across your entire network and protect every device in your IT estate, not just your desktops or laptops. Mobile devices should certainly have a correctly configured firewall in place as these could be regularly connecting to public Wi-Fi, which as you well know, can be murky territory.
How your firewall is configured may depend on what activity you expect throughout the network on a normal day, so it is worth spending time to get this right. Of course, change all administrative passwords and block any unauthenticated inbound connections by default. That’ll be a good start.
- Security configuration
This one’s easy. Make sure all devices and software are configured to have the best security settings. Remove bloatware, change default passwords (don’t use Admin/Admin or P@ssword01 for that matter, as hackers sussed that ages ago). It’s also recommended that businesses start incorporating PINs or 2FA to increase security even further. If you really fancy it you can start using laser biometric scanners, but that’s up to you. Whilst these are by no means hacker proof (what is?), they do offer an extra layer of security.
- Access control
Whilst the main aim of all this is to stop a hacker getting in, you’ll also want to limit what they can do if they manage to slip past your defences.
Making sure users only have access to what they need to fulfil their role is best practice. Cut down on the number of administrator accounts too. This will lower the risk of a high-privilege account getting compromised and allow you to easily keep track of who has access to what.
- Malware protection
Trojans, worms, ransomware, toads – you want to avoid these, even the one I made up. Malware is everywhere and is forever adapting. Hackers are tenacious and want to get into your network. They can work their way in using various methods. Up-to-date anti-virus software from reputable providers is, like most things in Cyber Essentials, a basic protection that there’s no reason not to do.
Technical controls against malware are all very well and good, in fact they’re vital, but the best form of malware protection isn’t technical at all: it’s your staff. Specifically, it’s educating your staff. In order to dramatically increase your security posture, teach your staff to:
- Spot the tell-tale signs of phishing,
- Never open attachments or click links from unknown senders,
- Steer clear of using USBs or other removable devices
- Avoid dodgy websites.
- Software updates
To us technology enthusiasts this seems obvious, but your average user (and even some IT professionals) need the importance of this bringing home. Keeping software updated is an absolute must. Patches are usually released to fix a security vulnerabilities, so install them and install them regularly. Instruct your staff in no uncertain terms that, if their computers say ‘do not shut down’ until the updates are installed, that they definitely should not shut down. As we revealed in our 2019 annual report, out-of-date or unpatched software is one of the most frequently discovered flaws found by our penetration testers.
An update schedule is vital for continuously plugging holes in your company’s security. This is often harder to do in smaller companies that may not have the dedicated resources to test and oversee these rollouts but, regardless of size, all companies should be doing so.
What are the benefits of Cyber Essentials?
- Enhanced security – helps protect your organisation from the most common internet based cyber attacks such as phishing, malware, ransomware, password guessing and network attacks.
- Simple and cost effective – a simple process with a Cyber Essentials certification fee starting from £295.
- Gain and retain business – an increasing number of public, private and third sector contracts are mandating or actively encouraging Cyber Essentials from their suppliers.
- Aligns with GDPR – recognised by the Information Commissioner’s Office as a scheme that can provide security assurances that help protect personal data.
- Flexible scheme – regardless of sector or size, the scheme reviews basic, yet effective, technical controls an organisation in place. The scheme also recognises that not all organisations have a dedicated IT department, or an in-depth knowledge of cyber security.
How much does Cyber Essentials cost?
Cyber Essentials self assessment cost starts from £295. In our experience however, most of our clients need expert support to navigate the complexities of the self assessment questionnaire therefore we offer additional support remote help for £595 & on-site support for £1,495.
At Bulletproof, the cost of Cyber Essentials Plus can be broken down as thus:
| Most Popular | Audit Only | Remote Help | On-site Support |
|---|---|---|---|
| Cost | £1,495 (ex VAT) | £1,995 (ex VAT) | £2,495 (ex VAT) |
Does my business have to achieve Cyber Essentials before it achieves Cyber Essentials Plus?
Yes, to complete Cyber Essentials Plus, companies must have gained the basic Cyber Essentials certification within the last 90 days.
Do you need to test all the workstations in a business for Cyber Essentials Plus?
If all your workstations are from a common build, we only need to undertake sample-based testing. However, if your organisation has multiple build types and you support BYOD (Bring Your Own Device), then each one will require testing individually.
Cyber Essentials vs ISO 27001
Cyber Essentials focuses on fundamental IT controls, whereas ISO 27001 takes a more holistic approach, incorporating policies and procedures. As ISO 27001 is much more involved, you’ll find it easier to obtain Cyber Essentials/Cyber Essentials Plus certification if you’re already ISO 27001 compliant.
We recommend achieving Cyber Essentials in addition to ISO 27001 as it demonstrates your commitment to good security practices, and some business/customers may only look for your Cyber Essentials certification, or not understand the difference between Cyber Essentials and ISO 27001.
| ISO 27001 | Cyber Essentials | |
|---|---|---|
| What is it | An international standard that sets out the requirements of an Information Security Management System to manage information security risk in a systematic way. The standard isn’t mandatory however many contracts/tenders do stipulate it as a requirement. | An NCSC backed UK assurance scheme addressing five technical security controls to help businesses address the most common vulnerabilities. Cyber Essentials is mandatory for government contracts. |
| Risk | ISO 27001 adopts a risk-based approach where organisations set their risk acceptance criteria and risk methodology. This determines how risks are addressed. | Cyber Essentials aims to address the most common vulnerabilities found in organisations. It is not a risk-based approach |
| Recognition | ISO 27001 is an international standard recognised around the world | Cyber Essentials is a UK based scheme and is not well known worldwide |
| Time to implement | Months | Days–weeks |
| Certification process | Certification is provided by a Certification Body. This involves a Stage 1 and Stage 2 audit, and annual surveillance audits. Certification lasts for 3 years, as long as the organisation passes the audits. | Complete a self-assessment questionnaire (or undergo vulnerability scans and a workstation assessment if taking Cyber Essentials Plus) and be assessed by a IASME Cyber Essentials Assessor. Certification must be repeated annually. |
| Costs | Med/High | Low |
| Scope | Scope is defined by the organisation but the standard encompasses the business and is not just focused on IT. | Focuses on 5 key areas (shown below) and is more IT focused.
|
| Applicability | Aimed at all businesses. | Aimed at all businesses, but particularly targets smaller businesses that may have not previously considered cybersecurity. |
Our experts are the ones to trust when it comes to your cyber security
CREST approved
ISO 27001 and 9001 certified
Tigerscheme qualified testers
PCI DSS v3.2 Level 1
service provider
24/7 on-site Security
Operations Centre