Cyber Essentials Certification
Protect your business from cyber threats by achieving Cyber Essentials certification, a UK government-backed scheme
Protect your business from cyber security threats
In an age where cyber threats are a constant risk and can come from anywhere, making sure you can demonstrate that you have taken precautions against the most common vulnerabilities and attacks is crucial.
To do this we help you to gain either the Cyber Essentials or Cyber Essentials Plus certifications as part of the UK government’s scheme.
With our expertise, you gain the confidence that you are taking the right steps to mitigate financial, legal, and reputational risks associated with cyber security breaches.
Our approach to Cyber Essentials certification
Gap analysis
We measure your existing controls against what is required by Cyber Essentials.
A clear roadmap to certification
We provide a clear road map on how to bridge the gaps and reduce the risks associated with a cyber breach.
Ongoing support
Provide ongoing guidance and assistance to ensure all elements of the assessment are being catered for.
Official certification
As a CREST-affiliated company, we issue both Cyber Essentials and Cyber Essentials Plus certifications.
Award-winning expertise
Our cyber security team continues to achieve multiple vendor certifications, highly respected industry accreditations and international accolades, demonstrating the breadth, depth and impact of their services.
What is the Cyber Essentials Scheme?
The UK government’s Cyber Essentials scheme is designed to help small and medium-sized organisations define and measure fundamental levels of cyber security.
It is based on five key controls – firewalls, secure configuration, access control, malware protection, and patch management – and defines technical and procedural controls to mitigate the risks associated with cyber threats.
Why choose LRQA for Cyber Essentials?
As a CREST-affiliated company, we issue both Cyber Essentials and Cyber Essentials Plus certifications which enable you to:
- Promote and demonstrate that they have undertaken essential precautions in minimising your cyber risk.
- Satisfy clients, suppliers, insurers and industry regulators including businesses tendering for government contracts.
- Gain assurance of the security posture of your IT systems and networks.
Our team will initially conduct a gap analysis to measure your existing controls against the requirements of Cyber Essentials. We will then provide a clear road map with tailored guidance and practical solutions if a security weakness is identified. Our streamlined annual renewal assessments maintain your valid certification over time as threats evolve.
Why work with us?
Specialist expertise
Our cyber security experts hold multiple vendor certifications and accreditations as well as highly respected industry accreditations from CREST, the PCI SSC, ISC2, BCI, Chartered Institute of IT, and NCSC CHECK.
Industry leadership
We lead and shape industry on advisory boards and councils including the PCI SSC Global Executive Assessor Roundtable and CREST councils in the Americas, Asia, EMEA and the UK. We are certified by a range of governing bodies including the payment card industry and are approved as a Qualified Security Assessor.
Everywhere you are
Operating in over 55 countries, with more than 250 dedicated cyber security specialists and over 300 highly qualified information security auditors across the world, we can provide a local service with a globally consistent dedication to excellence.
Award winners
We have been recognised for the breadth and depth of our services – including the TEISS Award for Best Penetration Testing Service in 2024, Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024 and the Stratus Award for Best Managed Cloud Security Service.
Cyber Essentials assessment areas
The primary security controls that are assessed during a Cyber Essentials or Cyber Essentials Plus are:
• Internet perimeter security – establishing the exposure of internet-facing systems, presence of appropriately secure firewall controls and security posture of those systems.
• Access and authentication controls – validation of appropriate authentication mechanisms to protect an organisation’s application or infrastructure from unauthorised access.
• Security patch management – verification of the application of security patches across the operating system and application.
• Malware and endpoint protection – a review of the presence and effectiveness of anti-virus and endpoint protection solutions.
• Secure configuration – checks to ensure systems are configured most securely and common vulnerabilities through implementation weaknesses have been addressed.
Cyber Essentials vs Cyber Essentials Plus: choosing what is right for you
Both Cyber Essentials and Cyber Essentials Plus consist of the same core cyber security assurance activities:
- Self-assessment questionnaire covering some of the basic technical and procedural controls that are needed.
- External vulnerability scan which offers a deeper level of assurance by scanning the network perimeter of all internet-connected locations for infrastructure and web application vulnerabilities, including dedicated hosting platforms.
The Cyber Essentials Plus assessment also includes a simulated attack assessment and an internal workstation and mobile device security audit which assesses a sample of workstations for configuration and patching related vulnerabilities.
The world leader in CREST accreditations
We are proud to be the only organisation in the world with a full suite of accreditations from The Council of Registered Ethical Security Testers (CREST).
Our team of consultants have achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response services and Threat Intelligence. In addition, we were also the first organisation to be CREST accredited for our Security Operation Centre services.