Cyber Essentials or Cyber Essentials Plus?
Both cover the same five technical control areas. The difference is how they are verified.
Cyber Essentials
A self-assessment, verified by a certification body. It demonstrates the controls are in place and is often enough to satisfy a customer or a tender requirement.
Cyber Essentials Plus
The same controls, but independently tested through a hands-on technical audit of your systems. It carries more weight, and it is frequently the version asked for by larger customers, defence supply chains and some insurers.
We help you work out which you actually need, so you are not over-buying or under-delivering against what your customer expects.
The five things it checks
Cyber Essentials assesses five control areas: firewalls, secure configuration, user access control, malware protection, and security update management. Most businesses already do some of this. The work is usually in closing the specific gaps, evidencing what you have, and tightening the few areas that would otherwise fail the assessment.
How we help
Readiness review
We assess you against the current requirements and tell you plainly where you stand and what would fail today.
Remediation
We fix the gaps: multi-factor authentication, device and account configuration, update policies, access control and malware protection, working with your team or your IT provider rather than around them.
Certification
We prepare your submission, get you through the assessment and, for Cyber Essentials Plus, ready you for the hands-on audit.
A foundation, not a one-off
For many businesses Cyber Essentials is the first step, not the last. It is the natural base for ISO 27001, for the NIST and defence supplier standards, and for the security maturity investors expect to see during due diligence. We treat it that way, so the work you do now counts toward whatever you need next rather than being repeated.
Keep it current
Cyber Essentials is renewed annually, and the technical requirements are updated periodically, which means controls that passed last year can fail this year. We help you stay certification-ready year on year, not just at the first attempt.
Work with Keekco
Book a call and we will tell you which certification you need and what it would take to get there.
Frequently asked questions
- What is Cyber Essentials?
- Cyber Essentials is a UK government-backed certification that shows your business has five basic technical controls in place to defend against common cyber attacks: firewalls, secure configuration, user access control, malware protection and security update management.
- What is the difference between Cyber Essentials and Cyber Essentials Plus?
- Cyber Essentials is a verified self-assessment. Cyber Essentials Plus covers the same controls but adds an independent, hands-on technical audit of your systems, so it provides stronger assurance and is often required by larger customers and defence supply chains.
- How long does Cyber Essentials take?
- A well-prepared business can certify quickly, but if there are gaps to fix, the timeline depends on the remediation. A readiness review tells you upfront how far you are from passing.
- Do I need Cyber Essentials for a contract or tender?
- Many UK public-sector contracts and an increasing number of private customers and insurers require it. If a customer has asked you to demonstrate cyber controls, Cyber Essentials or Cyber Essentials Plus is often what they mean.
- Does Cyber Essentials need renewing?
- Yes, it is renewed annually, and the technical requirements are updated from time to time, so controls that passed before can need revisiting. We help you stay ready each year.
- Is Cyber Essentials enough on its own?
- For some customers, yes. For others it is the foundation for larger standards such as ISO 27001 or the NIST and defence supplier requirements. We set it up so the work counts toward whatever you need next.