The first thing you need to do to achieve Cyber Essentials Plus certification is to gain Cyber Essentials certification.
You will then be audited (either remotely or on-site) by a certification body, such as URM Consulting. If the audit reveals no gaps, you will be awarded the Cyber Essentials Plus certification.
If there are gaps identified, you will have 15 days to fix them and go through the assessment again. If you do not pass this time, you will need to make a fresh application and pay for it again.
I just wanted to write to you to express my sincere appreciation for the outstanding work from URM’s assessor during the audit process. He demonstrated a fantastic level of knowledge and understanding, truly going above and beyond with the work that he performed, providing guidance in a communicative and enjoyable manner. It was a delight to work with him and I would be very excited to do the same again next year in our Cyber Essentials audit.
Children's charity
Get practical guidance on preventing common cyber-attacks
Get practical guidance on how to prepare for and achieve Cyber Essentials and Cyber Essentials Plus certification, and protect your organisation against these attacks.
Find out more
related BLog
NHS Cyber Security Open Letter: What Does it Mean for Suppliers?
Published on
16 Feb
2026
URM’s blog explains the recent open letter to suppliers issued by the NHS, what it means, why it matters, and the practical steps you can take to prepare.
Read more
Cyber Security
Published on
19/1/2026
Minimising the Impact When a Breach OccursURM’s blog explores the importance of cyber resilience & the steps organisations can take to prepare for and mitigate the impact of a cyber incident.
Read more
Cyber Security
Published on
9/1/2026
Strengthening Your Cyber Defences: Practical Steps for Every BusinessURM’s blog explores common weaknesses in organisations’ security programmes, & outlines practical, cost-effective measures to reduce the likelihood of a breach
Read more
Cyber Security
Published on
18/12/2025
Deconstructing the EU Cyber Resilience ActURM’s blog breaks down the new EU Cyber Resilience Act, what products/entities are in scope, the security requirements it imposes on organisations, and more.
Read more
"
Our CE renewal was so much easier this year! Our answers from previous years were automatically carried across, saving me hours of effort re-filling previous answers, the new portal is a big step forward.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.