Cyber Essentials Vs Cyber Essentials PLUS: What’s The Difference?

Dec 11, 2022

Cyber Essentials is a scheme developed by the UK Government that helps companies defend themselves against growing threats to their cyber security. Certification comes in two forms: Cyber Essentials and Cyber Essentials PLUS. This article discusses how they differ.

What is Cyber Essentials?

Cyber Essentials checks the IT infrastructure and all computers used by an organization (including desktops, laptops, and handheld devices) that connect to the internet against five baseline controls, and is built to be straightforward. The five controls are:

  1. Boundary firewalls and internet gateways
  2. Malware protection
  3. Update management
  4. Secure configuration
  5. Access control

As well as showing that protecting customer data is essential to you, getting certified will help you attract new customers and improve your chances of winning a government contract where Cyber Essentials certification is now a prerequisite.

The NCSC states that the Cyber Essentials program focuses on “Internet-based attacks using common resources and requiring little expertise.” These include guessing passwords to log in to protected websites or internal pages, hacking, phishing, and other methods of fooling users into downloading a malicious app.

What is Cyber Essentials PLUS?

Cyber Essentials PLUS certification has the same requirements as the basic certificate. You need the same five technical controls in place:

  1. Firewalls
  2. Secure configuration
  3. User access control
  4. Malware protection
  5. Patch management

The difference is that the ‘PLUS’ certification requires an independent review of the security controls, to verify that all five are in place.

The Cyber Essentials PLUS certificate is often regarded as a more reliable certification because of its external verification measures. It is not just a declaration of cyber security; it is evidence of your company's security.

How do Cyber Essentials and Cyber Essentials PLUS differ?

Since the requirements for both levels are the same, the difference lies in how Bitsys Technologies and our Certification Bodies verify that your organization meets these requirements.

Cyber Essentials is self-assessed. This means that you are asked to provide answers to a questionnaire (with evidence), and one of our certification bodies marks the application through our online portal.

Cyber Essentials PLUS includes an external vulnerability scan. This means that one of our certification bodies will visit your office and conduct a test against the Cyber Essentials requirements. Each certification body should follow the same testing process, although the cost will differ.

Self-evaluation vs External Auditor

If you have a dedicated IT department in your company, then self-assessment might be a realistic choice for you, particularly if you already have a vulnerability management and patching system in place.

Independent assessors, those providing Cyber Essentials PLUS, have the benefit of going through the same process with several comparable organizations.

They will run a vulnerability scan of your IT infrastructure before an independent auditor completes the Cyber Essentials assessment.

The information gathered will direct any remedial measures, ensuring that the organization meets the five basic standards and demonstrates good information governance practice. Since the external body works from your application, you may need to provide documentation to show that you satisfy all criteria.

We find that the majority of companies have critical vulnerabilities identified when security scans are run, and automatically fail the certification after completing the Cyber Essentials certification.

When do you need Cyber Essentials and Cyber Essentials PLUS?

This depends first of all on your motivation for seeking these certifications: are you looking to show your customers that you take data protection seriously? Do you need certification because a contract or supply chain requirement must be fulfilled? Or do you have another motive?

When making a bid for a contract/acquisition/tender

Procurement tenders, particularly those involving the public sector, will ask for Cyber Essentials as a minimum. If they have not specified which Cyber Essentials level, this usually means that they only require the basic level.

If you have your own motives

If you want to prove that your organization is serious about cyber security and data protection, then the obvious choice is Cyber Essentials PLUS. Companies holding sensitive data should always seek PLUS certification, particularly if they operate in sectors that are frequently subject to cyber-attacks. It isn’t necessarily cost-effective for SMEs, however, and the basic certification is appropriate for certain businesses.

As a Managed IT Service Provider

If your customers are asking for help with the Cyber Essentials certification, then your organization should be certified to at least the level at which they are asking for help, especially considering that you may be a gateway to the data of your customers.

How to achieve these Certifications?

There are a number of companies that offer to verify your cybersecurity protocols, so finding one that is accredited by the NCSC is essential. The NCSC also has a selection of accreditation bodies that keep a list of the certification bodies that you can use.

You can get both Cyber Essentials and Cyber Essentials PLUS through Bitsys Technologies. The scheme has a fee, which starts at about £300 + VAT. The assessment will be carried out in a couple of days.

Bitsys Technologies will check your answers and grant your Cyber Essentials or Cyber Essentials PLUS certificate once we are satisfied with everything and you have passed the test. You need to recertify once every 12 months. Bitsys Technologies also offers a fully managed Cyber Essentials solution, which provides the Cyber Essentials standard with continuous monitoring of your systems. With this managed approach you never need to think about renewal, because renewals are performed automatically and periodically, which ensures that you are continuously compliant rather than compliant at a single point in time.

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call; we are here to help.
