What is Cyber Essentials / IASME Cyber Assurance?

A UK Government-backed scheme designed to help organizations guard against common cyber threats through essential technical controls and proven cyber hygiene practices.

Cyber Essentials is a UK Government–backed scheme to help organisations guard against common cyber threats. Via IASME, the scheme covers self-assessment (and optionally, hands-on technical verification) of five core technical controls. It provides assurance to your customers, partners and regulators that you have implemented essential cyber hygiene.

IASME Cyber Assurance builds on Cyber Essentials, and may include broader governance, risk, and data protection elements depending on the option.

The Five Key Technical Controls

Any organisation applying for Cyber Essentials must ensure these essential controls are in place:

1. Boundary Firewalls & Internet Gateways

Ensure there is a strong perimeter control between your network/internet (or cloud) exposure and your internal systems.

2. Secure Configuration

Only the services & software needed are enabled; unnecessary defaults are disabled. Secure settings for OS, network devices, cloud, etc.

3. Access Control

Limit who can access what. Distinguish between administrative and standard accounts. Apply least privilege and allow only authorised access.

4. Malware Protection

Defend endpoints and servers against malicious software; ensure detection, prevention and timely response.

5. Patch Management

Keep software, firmware and operating systems updated. Apply critical patches in a short timeframe. Address vulnerabilities regularly.

Levels of Certification

Choose the certification level that best fits your organization's needs and requirements

Cyber Essentials (Basic)

Self-assessment questionnaire completed by the organisation, verified by a licensed Certification Body. This level demonstrates your commitment to baseline cybersecurity practices.

Cyber Essentials Plus – Coming Soon through CyberVeritas

Involves independent technical verification of controls (e.g. via vulnerability scanning or onsite checks) to ensure they are not only configured but effective. Provides enhanced assurance for your stakeholders.

Combined / Bundled Options – Coming Soon through CyberVeritas

Many bodies offer both levels together. IASME also offers further assurance / governance / GDPR-related add-ons for comprehensive compliance coverage.

Why Get Cyber Essentials / IASME Cyber Assurance?

Discover the key benefits of achieving IASME Cyber Essentials certification

  • Protects your organisation against ~80-90% of common cyber attacks
  • Demonstrates to clients, suppliers and regulators that you take cybersecurity seriously
  • Required (or strongly preferred) for many public sector / government contracts
  • Helps with compliance for other legal/regulatory obligations (e.g. GDPR)
  • Can lead to reduced insurance premiums, or eligibility for cyber-liability insurance
  • Builds customer trust and competitive advantage in the marketplace
  • Provides a clear framework for implementing essential cybersecurity measures

How the Process Works

Here is a typical roadmap for an organisation through IASME Cyber Essentials:

| Stage | What Happens |
|---|---|
| 1. Scope & gap analysis | Identify which systems/devices, users and cloud services are in scope. Review current practices against the five key controls. |
| 2. Remediation | Implement the changes needed (e.g. configuring firewalls, ensuring patching, securing configurations, access control, malware protection). |
| 3. Self-Assessment / Questionnaire | Complete the IASME / CE questionnaire truthfully, signed off by leadership. |
| 4. Review by Certification Body | They verify your responses; for Plus, this includes tests / technical verification (vulnerability scanning, internal/external scans, possibly onsite). |
| 5. Certification & Badge | On passing, you receive a certificate and badge to use on your website, proposals, etc. |
| 6. Maintain & renew | The certification is valid for 12 months. You'll need to address changes, renew and ensure ongoing compliance. |

Pricing & Options

Transparent pricing based on organization size and complexity

While costs depend on the size of organisation, complexity and level of support, here are ballpark figures:

Micro Business

£300-£320 + VAT
  • 0-9 employees
  • Self-assessment level
  • Basic support included
  • Certificate & badge
  • 12-month validity

Small to Medium

£400-£500+ + VAT
  • 10-249 employees
  • Enhanced support
  • Complexity assessment
  • Gap analysis included
  • Remediation guidance

Large Enterprise

£600+ + VAT
  • 250+ employees
  • Comprehensive support
  • Dedicated consultant
  • Full remediation planning
  • Ongoing compliance support

What CyberVeritas Offers

Comprehensive support throughout your certification journey

Here are the features and services that CyberVeritas can provide to help you obtain (and maintain) IASME / Cyber Essentials certification:

  • Initial consultation and scoping call to assess readiness
  • Gap analysis to identify where your current setup falls short of requirements
  • Remediation planning: technical configuration, access setup, patching, malware protection
  • Support in completing the self-assessment questionnaire, ensuring leadership authorisation and evidence
  • For Plus: assistance with, or execution of, technical verification (scans, tests, etc.)
  • Post-certification: ongoing support, reviews, help with renewals, and keeping up to date with changes to the standard
  • Expert guidance from experienced cybersecurity professionals
  • Documentation support for audit and compliance requirements

Frequently Asked Questions

Common questions about IASME Cyber Essentials certification

How long does the process take?
Typically 2-4 weeks if your IT environment is straightforward and many controls are already in place. More complex setups or major remediation can extend this. Similar providers note that for small/medium organisations, certification can be achieved within a month.

Can I fail?
Yes, if your current setup doesn't meet all requirements. However, you often get a chance to remediate and resubmit or correct issues. Our team will work with you to identify and address any gaps before submission.

How often must I renew?
Every 12 months. The landscape of cyber threats changes, so maintaining currency is part of the scheme. We provide ongoing support to help you maintain compliance and streamline the renewal process.

Do I need to have Cyber Essentials if I already have other certifications (e.g. ISO 27001)?
It depends, but often yes, since Cyber Essentials is a faster, more baseline-focussed certification, and is explicitly required for many public contracts. It's complementary, not always redundant. Many organizations find value in maintaining both certifications.

What's the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials involves a self-assessment questionnaire, while Cyber Essentials Plus includes independent technical verification through vulnerability scanning and potentially onsite checks to ensure controls are not only configured but effective.

Is Cyber Essentials mandatory for government contracts?
For many UK government contracts, especially those involving handling of personal data or providing certain ICT services, Cyber Essentials certification is either mandatory or strongly preferred.

Getting Started with CyberVeritas

Your path to IASME Cyber Essentials certification

  1. Book a free assessment / call – let's sit down and see what level you're at
  2. Decide your level – do you need Cyber Essentials only, or Plus, and whether you want guidance or self-service
  3. Implement changes – prepare the remedial actions
  4. Submit and certify – we'll help you with the questionnaire and any verification required
  5. Maintain & renew annually – we provide ongoing support for continued compliance

Ready to Get IASME Cyber Essentials Certified?

Contact our expert team today to start your certification journey and protect your business with government-backed cybersecurity standards. We're here to guide you every step of the way.
