A specialist service from CyPro

Cyber Essentials Plus certification, done properly

CyPro's security team gets your business audit-ready, then an IASME-licensed certification body independently assesses you. One engagement, a clear price, certified in weeks.

  • Government-backed NCSC scheme
  • First-time pass approach
  • Certified in two to six weeks
  • Pricing published by company size
3D shield badge with a checkmark representing Cyber Essentials Plus certification

Trusted by

az
bgi
british gas
cigna
deloitte
euroclear
jpm
kpmg
lme
m & g
ns & i
royal london
rsa
schroders
shell
ubs
virgin trains
william hill

The service

From gap analysis to certificate, handled end to end

One engagement covering everything between "we need Cyber Essentials Plus" and holding the certificate.

3D illustration of the readiness gap analysis

Readiness Gap Analysis

We test your environment against every control the audit will check, before the assessor does. You get a clear fix list, not a surprise on audit day.

3D illustration of remediation and secure configuration work

Remediation Support

Hands-on help closing the gaps: patching policy, secure configuration, access control, MFA and malware protection, done with your team or for them.

3D illustration of the basic Cyber Essentials questionnaire

Basic Cyber Essentials First

Cyber Essentials Plus requires the basic self-assessment first. We complete the questionnaire with you at the official IASME price, answered accurately the first time.

3D illustration of the independent audit being arranged

The Independent Audit, Arranged

Your Plus assessment is carried out by an IASME-licensed certification body we work with. We schedule it inside the required three month window and manage the logistics.

3D illustration of audit-day support

Audit-Day Support

We are with you while the assessor tests devices, checks patching and runs the malware and email tests, so questions get answered and nothing stalls.

3D illustration of the roadmap beyond certification

Beyond the Certificate

Certification proves your baseline controls. We map what the scheme does not cover, from monitoring to incident response, into a plan for what comes next.

What is Cyber Essentials Plus?

Cyber Essentials Plus is the audited level of the UK government's Cyber Essentials scheme. Where basic Cyber Essentials is a self-assessment questionnaire, Plus adds an independent technical audit: an assessor tests a sample of your devices, checks patching and configuration, and verifies your malware and email defences actually work. Certificates last twelve months. See Cyber Essentials vs Plus for which one your contracts require.

The audit explained in full

Why certify with CyPro

Certification is the floor, not the ceiling

3D illustration of passing the Cyber Essentials Plus audit first time

Built to pass first time

The audit only tests what the scheme publishes. Because we run every check ourselves beforehand, the assessment confirms what we already know rather than discovering problems.

3D illustration of clear certification pricing

Clear pricing by company size

This market quotes anything from four figures to a shrug. Our pricing is published by company size, including readiness support and the assessment itself.

3D illustration of certification completed in weeks

Certified in weeks

A typical engagement runs from gap analysis to certificate in two to six weeks, depending on how much remediation your environment needs.

3D illustration of named security practitioners

Named security practitioners

Your readiness work is led by CyPro's senior security team, the same practitioners who deliver CISO services and security operations for UK businesses.

3D illustration of independent assessment

Independent by design

We prepare you; an IASME-licensed certification body independently assesses you. You get a certificate that stands up to scrutiny, not a rubber stamp.

3D illustration of growing UK businesses

Built for growing businesses

Delivered by CyPro, whose whole practice is protecting SMBs and high-growth companies that need certification for contracts, tenders and insurers.

Your experts hold

  • CIPM
  • CIPP E
  • CISA
  • CISM
  • CISSP
  • CRISC
  • ISO 27001
  • Prince2

Results, not promises

What clients say

3D illustration of common Cyber Essentials Plus questions

Good questions

Frequently asked questions

What is Cyber Essentials?

Cyber Essentials is the UK government-backed certification scheme, run by the NCSC and delivered through IASME, that certifies five baseline technical controls: firewalls, secure configuration, security update management, user access control and malware protection. It exists to block the common, commodity attacks that cause most UK breaches.

Basic Cyber Essentials, explained

What is Cyber Essentials Plus?

Cyber Essentials Plus is the audited level of the scheme. It covers the same five controls as basic Cyber Essentials, but an independent assessor tests a sample of your devices to verify the controls genuinely work, rather than relying on your self-assessment answers.

The audit explained in full

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Assurance. Basic Cyber Essentials is a questionnaire your business answers about itself; Plus adds a hands-on technical audit of sampled devices by an independent assessor. Same controls, very different evidence, and contracts increasingly specify which level they will accept.

The full comparison

How much does Cyber Essentials cost?

Basic Cyber Essentials is priced by IASME at £320 to £600 plus VAT depending on your company size. Cyber Essentials Plus adds the independent audit; our all-in bands by company size, covering readiness, remediation support and the assessment, are published in full on the cost page.

See exact prices

3D rocket illustration for booking a free certification discovery call

Take the first step

Get Cyber Essentials Plus without the guesswork

Book a free 45 minute discovery call to scope your certification: what the audit will test, what needs fixing first, and exactly what it will cost. No obligation, no hard sell.