How does Cyber Essentials differ from ISO 27001?

ISO 27001 adopts a more holistic approach and is focused on the development, implementation and continual improvement of an information security management system (ISMS).

Adopting a risk-based approach, ISO 27001 considers threats to all of its information assets in whatever form, i.e. paper, information systems or digital media.

When certifying to ISO 27001, you need to provide the assessor with evidence that you are meeting all the mandatory elements of the management system e.g. understanding the organisation, demonstrating leadership commitment, conducting risk assessments and treatment, evaluating performance and continually improving.

The controls you implement are dictated by your risk assessment. Cyber Essentials on the other hand is a ‘snapshot in time’ assessment, where the focus is on protecting data and programs on networks, computers, servers and other elements of IT infrastructure, from cyber threats.

There is no risk assessment involved and all the security measures set out by the NCSC must be in place at the time of the certification assessment. The same applies to Cyber Essentials Plus.

We engaged URM to help us on our journey to achieve Cyber Essentials Plus. From the outset the engagement with URM was excellent. The online portal made the CE assessment seamless. The assessors were professional and courteous and went above and beyond to help us through the process.
Cyber security services provider
Apply for Cyber Essentials certificationApply for Cyber Essentials Plus

Cyber Essentials Questions Answered: Technical Requirements, BYOD Compliance and the Future of the Scheme

Published on
5 Jun
2026

URM’s blog answers key questions about CE, focusing specifically on its technical requirements, use of BYOD, and how the scheme may change in the future.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
5/6/2026
Complying with Cyber Essentials and Cyber Essentials Plus

URM’s blog answers key technical questions about Cyber Essentials and Cyber Essentials Plus, what’s in scope, CE compliant use of BYOD, and more.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
5/6/2026
Cyber Essentials – What’s Changing in 2025?

URM’s blog discusses upcoming changes to Cyber Essentials, including the changes seen in the Willow Question Set and how they may impact your organisation.

Read more
Thumbnail of the Blog Illustration
Cyber Security
Published on
5/6/2026
Access Control, Administrative Accounts and Password-Based Authentication in the Cyber Essentials SAQ

URM’s blog offers advice on answering questions in the Cyber Essentials SAQ which relate to access control, admin accounts and authentication methods.

Read more
"
Our assessor was brilliant! He was incredibly supportive and knowledgeable and really helped us get through CE+. It was a pleasure working with him.
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.