Cyber Essentials PLUS Guided

A guided route if you want structured support across both the CE and CE+ assessments.  This offering includes all the benefits of the Cyber Essentials Assured offering, together with additional preparation ahead of the official CE+ assessment.

This offering includes Cyber Essentials Assured, 1 year of access to the Abriska CE+ module, a half-day sample-based CE+ pre assessment, the formal CE+ assessment, and 1 included retest within the NCSC remediation window in line with the Danzell scheme’s remediation process.

Because this offering includes Cyber Essentials Assured, your journey includes both the initial  scoping workshop and the Technical Scope Verification where evidence will be captured.  This ensures your certification scope is defined fully and accurately before the CE submission is finalised and that any issues likely to cause problems later in the certification journey are identified as early as possible.

Abriska CE+ Module (Guided)

Your 1-year access to the Abriska CE+ module (Guided) provides:

• Monthly compliance scans of all external IP addresses in scope for CE
• Monthly compliance scans of all servers and end user devices in scope
• An interactive view of the assets and vulnerabilities that could lead to a compliance failure
• Actionable, prioritised recommendations tailored to CE and CE+ requirements.

CE+ Pre Assessment

A sample-based CE+ pre assessment is typically scheduled within the 2 weeks prior to your official CE+ assessment.  This half-day pre-assessment tests a small, representative sample of your devices, identifies likely points of failure before the formal assessment, and provides initial advice on any issues identified so they can be addressed in advance.

Technical Scope Verification (TSV)

In most cases, the Technical Scope Verification is conducted separately from the CE+ assessment and must be passed at least seven working days before the assessment start date.  For this Cyber Essentials PLUS Guided offering, the TSV is typically conducted as part of the review included within Cyber Essentials Assured.

This approach significantly reduces the risk of booking CE+ assessment time that cannot be used if issues are later identified with the declared CE scope. Any factors that could prevent a successful CE+ assessment are identified and addressed early in the process.

For some small or micro-organisations (e.g., where the whole organisation is in scope and only a very small number of devices are involved) it may be possible to agree that the TSV is performed at the start of the CE+ assessment rather than as a separate activity in advance.*

* Performing the TSV on the day of the CE+ assessment may reduce cost and administrative effort, but it increases risk.  If issues are identified that cannot be immediately resolved, the CE+ assessment time will need to be either repositioned as advisory activity or postponed, and postponement charges will apply. By choosing this option, you acknowledge that passing the TSV is a prerequisite for proceeding with the formal CE+ assessment and that this approach carries a higher risk

Retests

If the TSV passes successfully, but the CE+ assessment identifies failing items, you may book 1 retest in line with the Danzell scheme’s remediation process.  A 2^nd, different sample set must be selected for the retest.  If the same vulnerabilities are identified again, your CE certificate will be revoked in accordance with scheme rules.

To reduce this risk and achieve the smoothest possible path to CE and CE+ certification, you may wish to consider the Cyber Essentials PLUS Assured offering, which includes additional scanning, advisory support, and assurance designed to identify and resolve issues earlier.

‍

Why URM?

As an accredited certification body, URM has an unrivalled record in assisting organisations of all sizes achieve certification to Cyber Essentials and Cyber Essentials Plus. URM is also an accredited Assured Service Provider under the NCSC Cyber Advisor scheme  and  has a large team of experienced, pragmatic assessors who are here to support you and guide you through the process.

Not only do we bring a wealth of cyber security knowledge, but also a wide and varied experience of all the leading cyber and information security standards.

As such, you can be assured that you are getting advice that is right for you and your organisation, taking into account your sector, size and the information you are looking to protect. Our large team of assessors also enables us to guarantee a super-fast turnaround.

‍