Cyber Essentials Basic

Certifying your organisation with a UK Government approved cyber security accreditation.

What is Cyber Essentials Basic?

Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a range of the most common cyber attacks.

Cyber Essentials Basic is the simpler of two levels of certification.

Organisations can achieve a Cyber Essentials Basic certificate by completing a cyber security questionnaire. These answers are then fully assessed by an approved certification body such as ourselves.

What Key Areas Does The Questionnaire Cover?

Access Controls

This section assesses how permissions are assigned throughout the organisation. It includes questions such as:

How are permissions managed throughout the environment?
Are permissions provisioned on a principle of least privilege?
Are administrative functions restricted?
Do cloud environments have segregated groups?
Is MFA enforced for all cloud services?

Patching & Updates

This section assesses how updates are applied throughout the organisation. It includes questions such as:

Are updates automatically applied where possible?
How are devices kept up to date and licensed?
Are legacy systems securely segmented from the live environment?
Are all high and critical vulnerabilities patched within 14 days?

Malware Protection

This section assesses how devices are protected from malware throughout the organisation. It includes questions such as:

What anti-malware solutions are in place?
How are anti-malware solutions kept up to date and licensed?
Are there malware controls on email and web downloads?
Are malware signatures applied within 24 hours?
Are all devices protected?

Secure Configuration

This section assesses how devices are hardened and protected from attackers. It includes questions such as:

Are devices built to certain cyber security standards?
Are users restricted on what they can download and execute?
Are devices configured with firewalls enabled?
Are devices centrally managed?
How are security policies pushed to devices?

Firewalls & Routers

This section assesses how the network has been hardened and protected from attackers. It includes questions such as:

Are firewall rules in place to segment networks?
Are services exposed to the public internet?
Are cloud services and login forms restricted to certain addresses?
Are networking devices kept up to date and in support?
Have default credentials on networking devices been changed?

Access Controls
Patching & Updates
Malware Protection
Secure Configuration
Firewalls & Routers

This section assesses how permissions are assigned throughout the organisation. It includes questions such as:

How are permissions managed throughout the environment?
Are permissions provisioned on a principle of least privilege?
Are administrative functions restricted?
Do cloud environments have segregated groups?
Is MFA enforced for all cloud services?

This section assesses how updates are applied throughout the organisation. It includes questions such as:

Are updates automatically applied where possible?
How are devices kept up to date and licensed?
Are legacy systems securely segmented from the live environment?
Are all high and critical vulnerabilities patched within 14 days?

This section assesses how devices are protected from malware throughout the organisation. It includes questions such as:

What anti-malware solutions are in place?
How are anti-malware solutions kept up to date and licensed?
Are there malware controls on email and web downloads?
Are malware signatures applied within 24 hours?
Are all devices protected?

This section assesses how devices are hardened and protected from attackers. It includes questions such as:

Are devices built to certain cyber security standards?
Are users restricted on what they can download and execute?
Are devices configured with firewalls enabled?
Are devices centrally managed?
How are security policies pushed to devices?

This section assesses how the network has been hardened and protected from attackers. It includes questions such as:

Are firewall rules in place to segment networks?
Are services exposed to the public internet?
Are cloud services and login forms restricted to certain addresses?
Are networking devices kept up to date and in support?
Have default credentials on networking devices been changed?

Need A Cyber Essentials Certificate Today?

What Are The Benefits?

Client Assurance

New and existing clients will have assurance that security controls are in place to protect their data.

Opportunities

Various procurement platforms will only accept applications from businesses with a Cyber Essentials certificate.

Government Approved

Cyber Essentials is fully government approved, with the scheme being created by the NCSC.

Insurance

Cyber Essentials certification provides an optional £25,000 cyber insurance, included within the cost.

Competition

A Cyber Essentials certificate may give your organisation the edge over competitors.

Foundation

Your organisation will have taken the first step in it's cyber security journey.

Years Experience

> 0

CE Certs Issued

> 0

Turnaround Time

0 h

Years Approved

Why Use Us?

We certify hundreds of companies a year, providing you with the assurance that we are an experienced certification body.

If your questionnaire initially isn't compliant, we will work with you to provide guidance on what needs amending prior to certification.

We have a dedicated Cyber Assurance team who will guide you through each step of the process.