In urgent need of assistance from our Incident Response team? Click below to email directly and get support.
Get Support
Set up regular vulnerability scans for Web Apps & Infrastructure with our innovative SecurePortal
Learn More
Distribute, manage and monitor remediation tasks effortlessly with PTaaS, powered by SecurePortal
Upgrade.webp)
Pentest People Partners with JUST ONE Tree for a Greener Future
Read
Need Our Assistance?
We now offer Incident Response Retainers helping you reduce damage from a cyber attack
Read
The Difference between Cyber Essentials and Cyber Essentials Plus
Cyber Essentials is a scheme set up by the UK Government that aids businesses in protecting themselves from common threats to their cyber-security. Certification comes in two forms: Cyber Essentials and Cyber Essentials PLUS.
This post will explain the difference between them.
Cyber Essentials (Stage 1)
This is the initial stage of certification against the Cyber Essentials requirements. If you have your own internal IT team, this may be your best option. First of all, you must familiarise yourself with the requirements of secure IT:Use a Firewall to secure your Internet connectionChoose the most secure settings for your devices and softwareControl access to your data and servicesProtect against Viruses and MalwareKeep your devices and software versions up to dateOnce these requirements are understood, and you believe your IT sufficiently meets them, you must fill out a Self Assessment Questionnaire (SAQ). As an accreditation body, Pentest People issue this SAQ, and once completed it must be submitted to us through SecurePortal. We will perform an external vulnerability scan of your external facing infrastructure. Provided that the scan does not show any High or Critical vulnerabilities, and the results of the SAQ sufficiently meet the requirements, you will be awarded the Cyber Essentials certificate.
Cyber Essentials Plus (Stage 2)
This stage is the more advanced level of certification. You cannot become Cyber Essentials Plus certified without first being Cyber Essentials certified. The five control themes are exactly the same, and must still be met, but the certification process is slightly different.Certification is carried out on your premises. We manually test your Anti-Malware practices by sending E-mails and navigating to URLs containing different types of files, then we monitor how they are able to be accessed by different users. Furthermore, we also carry out an authenticated vulnerability scan on a workstation build.As long as no High or Critical vulnerabilities are identified on the internal scan and your antivirus successfully blocks the test files and emails you will be awarded the Cyber Essentials Plus certificate.It is very beneficial for your company to become certified against either stage of Cyber Essentials. You can attract new business with the promise that cyber security is of importance to your company, and you will be listed in a directory of companies that are certified. Some Government contracts now require Cyber Essentials certification, and Pentest People are able to provide you with certification at both levels. Find out more about Cyber Essentials here.
Video/Audio Transcript
Learn Something New
Have a read of our blogs written by industry experts, covering topics from all areas in cyber.
.svg)
.webp)
