Cyber Essentials

Get an IT Security Health Check

What is the Cyber Essentials scheme?

Cyber Essentials is a great way to show that you care about the security of your IT systems and the data that you store.

It’s not a legal thing like GDPR or other Data Protection legislation. Rather, it’s an internationally recognised standard that you choose to sign up to, to prove to your customer, your suppliers and your staff that you take your responsibilities seriously, and that your systems conform to industry best practice.

The Cyber Essentials scheme was introduced as a UK nationwide, government sponsored accreditation in 2014 to recognise businesses that have taken steps to improve their IT systems to a good standard. The scheme offers a “Basic” and a “Plus” certification.

What does the Cyber Essentials Basic certification involve?

We supply a full IT Health Check report, which covers the following:

  • The certification combines a self assessment questionnaire and an external vulnerability scan of Internet facing systems. The assessments are conducted remotely, so no on-site visit is required.

    The accreditation may require the modification of current systems and possible introduction of procedures and policies that will tighten the overall posture of your network. This will in turn significantly reduce the risk of data breaches and hacking or malware attempts.

    In order to pass the certification your organisation must meet all the requirements under the five headings of Firewalls, Secure Configuration, User Access Control, Malware Protection and Patch Management.

How would Cyber Essentials certification help your organisaton?

We supply a full IT Health Check report, which covers the following:

Achieving the certification will allow you to use the Cyber Essentials or Cyber Essentials PLUS badge to advertise that your organisation meets the Government-endorsed standard. This in turn shows your customers that you take cyber security seriously and will allow you to bid for Government and local Government contracts. It is also an expected standard from many larger or international organisations, including the offshore supply chain.

On a practical note, a simple virus or piece of malware could result in loss of data, disrupt cashflow and take up staff time. An attack could put off customers,prevent organisations from trading and damage their hard-earned reputation. Loss of data could breach GDPR and lead to fines or prosecution.


of businesses identified cyber security breaches or attacks in the last 12 months


had staff stopped from carrying out daily work


is the average annual cost for those who lost data or assests after breaches

How do I get it?

We supply a full IT Health Check report, which covers the following:

The great news is that as a CSSCloud customer you will already be doing all of the above, and the various formalities and adjustments needed to achieve the Basic accreditation should be fairly straightforward. If you want to go for the higher level “Plus” accreditation (which of course we hold ourselves!) we can assist with all aspects of preparing for and taking the assessment. We have a wealth of experience of working with clients to help achieve Cyber Essentials certification at both Basic and Plus levels by managing the assessment and certification on their behalf.

Which standard do I need, the “Basic” Cyber Essentials or the “Plus”?

We supply a full IT Health Check report, which covers the following:

That depends on the industry sector you are in. Our belief is that the “Basic” certification is relevant to all organisations as an internal check and to show that you take security seriously. Those in sensitive industry sectors should definitely consider the “Plus” certification, typically these might include Financial (Accountants, IFA), Healthcare, Insurance, Legal, Offshore and others.