Cyber Essentials

Guard against the most common cyber-security threats and demonstrate your commitment to cyber-security by becoming Cyber Essentials Accreditated.

Recieve a UK Government recognised Security Accrediation for your business

Be listed on a Government Directory of organisations awarded Cyber Essentials

Attract new business with the promise you have cyber security measures in place

Cyber Essentials Certifying Body

Pentest People are a Cyber Essentials Certifying Body and can help you at all stages of your Cyber Essentials accreditation journey.

Cyber Essentials is a UK Government led and industry-backed scheme that helps organisations of all sizes protect themselves against common cyber-security threats.

The scheme is based on the correct implementation of five technical controls that are designed to protect your organisation. These are:

  1. Use a firewall to secure your Internet connection
  2. Choose the most secure settings for your devices and software
  3. Control who has access to your data and services
  4. Protect yourself from viruses and other malware
  5. Keep your devices and software up to date

From the 1st October 2014, the UK Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme.

There are currently two levels of certification, Stage 1 which is the basic level and Stage 2 which is also referred to as Cyber Essentials Plus. Pentest People can help you with the full certification at both levels including performing the certification assessment.

Cyber Essentials (Stage 1)

Cyber Essentials LogoThe initial level of Cyber Essentials certification is delivered through SecurePortal as a self-assessment questionnaire that covers the five technical controls and then an external vulnerability scan of your external facing network.

You are assessed against the answers to your questionnaire and the results of the external vulnerability scan. Stage 1 certification awards the Cyber Essentials accreditation and associated use of the logo.

More information on Cyber Essentials Stage 1 can be found here

Cyber Essentials Plus (Stage 2)

Cyber Essentials Plus LogoThe more advanced level of certification relies upon the same protections as Stage 1 but the certification is carried out on your business premises and also includes an internal vulnerability scan of a common workstation build.

Your antivirus protections both via the web and email are manually tested whilst onsite to ensure that your tools of choice are protecting the level of protection required to achieve Cyber Essentials Plus.

You are assessed against the answers to your questionnaire and the results of the external vulnerability scan. Stage 2 certification awards the Cyber Essentials Plus accreditation and associated use of the logo.

In order to achieve Stage 2 certification, you have to first achieve Stage 1 certification.

More information on Cyber Essentials Plus Stage 2 can be found here

How can we help?

Pentest People are a Cyber Essentials Certifying Body and can perform and accredit you to both Stage 1 and Stage 2 of Cyber Essentials.

As well as the certification, Pentest People can also offer consultancy services including a GAP analysis against the 5 technical controls to ensure that you have adequate controls in place before you undertake a paid Stage 1 assessment.

Download the CREST Cyber Essentials Guide

More information about Cyber Essentials can be found on the NCSC Cyber Essentials Homepage.

Find Out More Now!

Penetration Testing

IT Security and the associated terminology is a mainstream issue for all businesses due to the reliance business places on its IT systems combined with the prevalence of attacks. Various forms of compliance exist that mandate regular Penetration Testing as a standard and the risks of not doing anything are widely publicised.

Key Benefits

  • Reassure your existing and potential customers that you take cyber-security seriously
  • Attract new business with the promise you have cyber-security measures in place backed up with a recognised accreditation
  • Be able to remediate any identified vulnerabilities within your organisations network infrastructure
  • Have the confidence that you are protected from the most common cyber-security risks within your organisation

Frequently Asked Questions

  • What is the Cyber Essentials Scheme?

    Cyber Essentials is a scheme led by the UK Government to help organisation protect themselves against common cyber-security threats. There are two levels of certification that both demonstrate an ability to implement technical controls relating to information security.

  • What is the difference between Cyber Essentials and Cyber Essentials Plus?

    Cyber Essentials is Stage 1 and consists of a Self Assessment Questionnaire and external vulnerability assessment of your Internet-facing infrastructure.


    Cyber Essentials Plus is Stage 2 an extends Stage 1 by performing an onsite assessment of security controls including an internal authenticated scan of your workstations and mobile devices.

  • How long does certification take?

    New FAQ : Answer

  • What do we receive once certified?

    When you have undertaken your assessment and met all of the requirements of Cyber Essentials or Cyber Essentials plus you will receive the following:

    • An official PDF of your Cyber Essentials Certificate.
    • A compliant report detailing all findings from the assessment along with any recommendations where appropriate.
    • High-resolution Cyber Essentials logos along with branding guidelines on how to use the logos on your website and marketing materials.
    • Your organisation will be listed on the Government Website that shows your level of certification.