Cirrus can help guide and protect your business with Cyber Essentials.

Cyber Essentials is a Government-backed scheme aimed at helping organisations protect themselves against common Internet-based cyber attacks. Certification to Cyber Essentials a great way to demonstrate your commitment to security, increase trust with customers, and even brings down business insurance premiums. It’s also a requirement for any government contracts, opening up new opportunities as it will help protect against the vast majority of common cyber attacks, and will act as a significant deterrent to cyber criminals.  The scheme was developed by the National Cyber Security Centre (NCSC), a part of GCHQ, and is administered and managed by the IASME Consortium (IASME) on the NCSC’s behalf. 

The Cyber Essentials (CE) scheme was developed as a part of the UK Government’s National Cyber Security Strategy. It aims to protect your organisation against a range of the most common Internet-based cyber-attacks in 5 basic control areas:

Drawing of a man in a black shirt and glasses floating with a colorful hot air balloon in the sky.

Firewalls

Blue checkmark icon inside a dark circle.
A blue check mark inside a dark circle, indicating confirmation or approval.

Secure configuration

Blue checkmark inside a dark blue circle.

Security update management

Blue check mark inside a dark circle

User access control

Blue checkmark inside a dark blue circle indicating confirmation or approval.

Malware protection

Hot air balloon with the word "CERTIFIED" in large blue letters, surrounded by text mentioning managed services, IT, cyber, and Microsoft 365.

Advantages to Cyber Essentials Certification

  • Achieving certification demonstrates a commitment to cybersecurity, building trust with customers, suppliers, and stakeholders.

  • Cyber Essentials helps reduce vulnerability to common cyber threats, including ransomware and malware

  • Helps organizations comply with regulations like the Data Protection Act 2018 by ensuring personal data is protected

  • This is because the certification demonstrates that the organization has implemented essential cybersecurity measures, reducing their risk profile

The Cyber Essentials scheme offers two levels of certification, namely ‘Cyber Essentials’ and ‘Cyber Essentials Plus’. 

Cyber Essentials is the foundation level certification within the Cyber Essentials scheme. The process involved in achieving Cyber Essentials Certification is simple and involves your organisation completing an online self-assessment questionnaire. 

The questionnaire will require you answering a number of questions to assess your organisation against the 5 basic security controls. A qualified assessor will verify the information provided. There are no checks on your IT systems at this level, as such the assessment questionnaire can be accessed and answered quickly and easily.

Cyber Essentials Plus is an addition to Cyber Essentials Verified Self- Assessed. All organisations MUST have Cyber Essentials Verified Self-Assessed certification dated within 3 months prior to applying for Cyber Essentials Plus. Cyber Essentials Plus involves an audit of your system by a highly trained assessor, a comprehensive vulnerability assessment, internal and external penetration testing. The aim of the assessment is to confirm that all of controls that have been declared in Cyber Essentials are implemented on the organisations network. By undertaking and completing Cyber Essentials Plus, you can declare publicly, that your organisation has been proven to meet baseline security standards set out by Cyber Essentials. 

‍Achieve Cyber Essentials and Cyber Essentials Plus certification with help from our team of qualified experts. 

Support Beyond Cyber Essentials

IT Support
Microsoft 365 Modern Work
Cyber Security

Frequently Asked Questions about CE and CE+

  • Many organisations now require Cyber Essentials for:

    • Winning contracts (especially government or supply chain work)

    • Meeting insurance requirements

    • Demonstrating security standards to clients

    It is increasingly seen as a minimum requirement rather than optional.

  • Typically:

    • Cyber Essentials: 1–2 weeks (depending on readiness)

    • Cyber Essentials Plus: Additional time for testing and remediation

    The timeline depends on how secure your current environment is.

  • Certification must be renewed annually to ensure your business continues to meet current security standards.

  • Key requirements include:

    • Enforcing multi-factor authentication (MFA)

    • Keeping systems up to date with security patches

    • Restricting administrative access

    • Using supported and secure configurations

    • Protecting devices with anti-malware solutions

    These controls address the most common vulnerabilities exploited by attackers.

  • An MSP can:

    • Assess your current environment

    • Identify and remediate gaps

    • Implement required security controls

    • Guide you through the certification process

    • Support ongoing compliance

    This ensures a smoother and faster path to certification.

Our Partners

  • Microsoft logo with white square grid and text on a dark background.
  • NinjaOne logo with white text on a black background
  • The logo of HALOPSA with white text on a dark blue background.
  • DNSFilter logo on a dark background
  • Gamma logo with stylized dots forming a pattern to the left of the word 'Gamma'.
  • Huntress logo with a stylized lion head and the word 'Huntress' in bold white letters on a dark blue background.
  • Fortinet logo on a dark background.
  • Cisco Meraki logo on a dark background
  • The Bitdefender logo with white text on a dark background.
  • The word 'DUO' in bold, stylized white and gray letters on a dark blue background.
  • Logos of HP and Dell side by side on a dark background.
  • Qualys logo with a shield icon and the company name on a dark background.
  • Dropsuite logo with the word dropsuite in white on a dark blue background.
  • RingCentral logo in white text on a dark blue background
  • Ubiquiti Networks logo on a dark background.