Cyber Essentials Plus
End-to-End Certification, Handled For You
Full Certification
We handle every step of your Cyber Essentials Plus certification — from initial assessment through to successful examination and certification.
Complete Protection
Our service includes all licensing, technical testing, vulnerability scanning and remediation — everything you need under one roof.
Guaranteed Support
We guide you through every requirement, fix any issues we find, and ensure you're fully prepared before examination day. No surprises.
Cyber Essentials Plus is the UK government-backed certification that proves your business takes cyber security seriously. More and more organisations now require it before they'll work with you.
We provide a fully managed, end-to-end Cyber Essentials Plus certification service. That means everything — the initial assessment, preparation, licensing, technical vulnerability testing, remediation of any issues, and the final examination — is handled by our team. You get certified without the headache.
Our end-to-end service
Everything you need to achieve Cyber Essentials Plus certification — from the first conversation to the certificate on your wall.
Gap Assessment
We review your current IT setup against all five Cyber Essentials technical controls — firewalls, secure configuration, access control, malware protection and patch management — and identify exactly what needs to change.
Preparation & Remediation
We don't just tell you what's wrong — we fix it. Our engineers implement the technical changes needed to bring your systems into compliance, from firewall rules to patching policies and user access controls.
Licensing & Registration
We handle all the certification body registration and licensing fees as part of our service. No separate invoices, no hidden admin costs — it's all included in a single, transparent price.
Vulnerability Testing
Cyber Essentials Plus requires hands-on technical verification. We conduct the internal and external vulnerability scans, test your configurations and verify that your defences work as they should — before the assessor does.
Examination & Certification
We coordinate the official Cyber Essentials Plus examination with an accredited certification body. We're with you every step — answering questions, providing evidence and ensuring a smooth pass on the first attempt.
Ongoing Support
Certification is annual. We help you maintain compliance year-round with ongoing monitoring, policy reviews and renewal support — so you never fall out of certification.
Our approach to certification
No Jargon, No Stress
We know that cyber security certifications can feel overwhelming — especially if you don't have an in-house IT security team. That's why we handle everything in plain English, with clear communication at every stage. You'll always know exactly where you stand.
Fix It, Don't Just Flag It
Unlike consultancies that hand you a report and wish you luck, we actually do the technical work. When we find gaps in your setup, our engineers implement the fixes directly — firewalls, patching, access controls, the lot.
First-Time Pass
We conduct our own internal testing before the official examination, so we catch and resolve any issues in advance. Our goal is a clean pass on the first attempt — no re-sits, no delays, no extra costs.
How it works
A straightforward four-stage process that takes you from wherever you are now to fully certified.
Assess & Scope
We audit your current IT environment against all five Cyber Essentials technical controls. We identify every gap, document what needs to change, and give you a clear picture of where you stand today.
Prepare & Remediate
Our engineers implement the required technical changes — firewall configuration, patching, user access policies, malware protection and secure configuration. We do the work, not just the advice.
Test & Verify
We run internal vulnerability scans and technical tests to verify everything passes. This pre-examination dry run means we catch and fix any remaining issues before the official assessment.
Certify & Maintain
We coordinate the official Cyber Essentials Plus examination, support you through the process, and help you achieve certification. Then we help you stay certified year after year.
Businesses turn to us when
What is Cyber Essentials Plus?
Cyber Essentials is a UK government-backed scheme designed to help organisations protect themselves against the most common cyber attacks. It covers five key technical controls: firewalls, secure configuration, user access control, malware protection and patch management.
Cyber Essentials Plus goes a step further than the basic Cyber Essentials certification. While the standard level is a self-assessment questionnaire, Plus requires an independent, hands-on technical audit of your systems. An accredited assessor verifies that your defences actually work — not just that you say they do.
This makes Cyber Essentials Plus significantly more credible. It's increasingly required for government contracts, supply chain compliance and cyber insurance. Many private sector organisations also now ask suppliers for it as a minimum security standard.
The certification is valid for 12 months and needs annual renewal. With our managed service, we make both the initial certification and ongoing renewals straightforward.
The five technical controls we cover
Firewalls & Internet Gateways
Firewalls create a buffer zone between your internal network and the internet. We configure and verify that your boundary firewalls and internet gateways are properly secured — blocking unauthorised inbound traffic, restricting outbound connections, and ensuring default passwords are changed and unnecessary services are disabled.
For Cyber Essentials Plus, we test that these configurations actually work in practice, not just on paper. We verify firewall rules, check for open ports, and ensure your perimeter defences are correctly filtering traffic.
Secure Configuration
Every device and application should be configured to reduce unnecessary functionality and vulnerabilities. We review and harden the configuration of your computers, servers, mobile devices, routers, and cloud services — removing default accounts, disabling auto-run features, and ensuring only necessary software is installed.
We verify that all devices in scope have been configured securely by testing a representative sample during the Plus assessment, checking for common misconfigurations that attackers exploit.
User Access Control
User accounts — especially those with admin privileges — should be carefully managed. We review your access control policies and implement proper practices: unique user accounts, strong password policies, multi-factor authentication, and the principle of least privilege (users only have the access they need).
We verify that admin accounts are not used for day-to-day tasks, that unused accounts are disabled, and that access is properly controlled across all devices and services in scope.
Malware Protection
All devices must be protected against malware. We ensure that anti-malware software is installed, running, up to date, and properly configured on all devices in scope. This includes verifying that real-time scanning is active, definitions are current, and that the software is set to scan files automatically on access.
For the Plus assessment, we test that malware protection is actually working — including verifying that known test samples are detected and blocked by your security software.
Patch Management & Software Updates
Keeping software up to date is one of the most important defences against cyber attack. We verify that all operating systems, applications, plugins and firmware are patched within 14 days of security updates being released — a core Cyber Essentials requirement.
We check that automatic updates are enabled where possible, that unsupported or end-of-life software has been removed, and that your patching process is documented and followed consistently across all devices in scope.
Why Cloudswitched for Cyber Essentials Plus?
We're an IT company that lives and breathes this stuff every day — not a compliance consultancy reading from a checklist.
IT company, not just consultants
We don't just assess and advise — we actually fix things. Our engineers implement the technical changes needed, so you don't have to find someone else to do the work.
Everything included
Licensing, registration, testing, remediation, examination — it's all in one price. No surprise invoices for the certification body fee or "additional technical work".
First-time pass focus
We run our own internal testing before the official exam. We find and fix issues in advance so there are no nasty surprises on assessment day.
Plain English, no jargon
We explain everything clearly. You'll understand what each control means, why it matters, and what we're doing about it — without needing a cyber security degree.
Dedicated account manager
One named contact who knows your business and manages the entire process. No ticket queues, no call centres — just a person who picks up the phone.
Fast turnaround
Need certification urgently for a contract deadline? We prioritise your project and work efficiently to get you certified as quickly as possible without cutting corners.
Genuine security improvement
We don't just tick boxes. The work we do during certification genuinely improves your cyber security — protecting your business against the threats that matter most.
Ongoing managed IT available
Already a Cloudswitched IT support client? Even better — we already know your setup. Not yet? We can manage your IT and certification together for maximum efficiency.
Annual renewal support
Certification is valid for 12 months. We make renewal simple — tracking your expiry, preparing your systems and managing the re-certification process each year.
Frequently Asked Questions
Common questions about Cyber Essentials Plus certification. If you need more detail, get in touch — we're happy to help.
What's the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment questionnaire — you answer questions about your security controls. Cyber Essentials Plus adds an independent, hands-on technical audit where an assessor verifies that your controls actually work. Plus is more rigorous, more credible, and increasingly the standard that organisations require.
How long does the certification process take?
It depends on your starting point. If your IT is already well-managed, we can typically complete the process within a few weeks. If significant remediation is needed, it may take longer — but we'll give you a realistic timeline upfront after the initial assessment.
Do I need Cyber Essentials before getting Plus?
Yes — Cyber Essentials Plus builds on the basic Cyber Essentials certification. You need to pass the self-assessment questionnaire first, then the Plus technical audit follows. Don't worry — we handle both as part of our service.
Is there a separate cost for the certification body?
No. Our service includes everything — the IASME or CREST certification body fees, licensing, testing, remediation and examination. One price, fully inclusive. No hidden extras.
What systems are in scope for the assessment?
Generally, all user devices (laptops, desktops, phones, tablets), servers, firewalls, routers and cloud services that are connected to the internet or handle business data. We help you define the scope clearly during the initial assessment — and can advise on how to structure it sensibly.
What happens if we fail the assessment?
With our service, this is extremely unlikely — because we test everything ourselves before the official examination. In the rare event that an issue is found during the exam, we work with the assessor to resolve it quickly. Our aim is always a first-time pass.
Who needs Cyber Essentials Plus?
Cyber Essentials Plus is relevant to businesses of all sizes. Here are the most common reasons organisations pursue certification.
Government Contracts
Cyber Essentials Plus is mandatory for many UK government and public sector contracts — especially those involving sensitive data or IT services. Without it, you can't bid.
Supply Chain Requirements
Large enterprises increasingly require their suppliers to hold Cyber Essentials Plus. It proves you meet a baseline security standard and reduces supply chain risk for everyone.
Cyber Insurance
Many cyber insurance providers offer reduced premiums or require Cyber Essentials Plus as a condition of cover. Certification can directly lower your insurance costs.
Customer Confidence
Displaying the Cyber Essentials Plus badge shows your customers and prospects that you take data protection seriously. It's a competitive differentiator — especially in professional services, finance and healthcare.
Genuine Protection
Beyond the badge, the five technical controls genuinely protect your business against the most common cyber attacks. 80% of breaches could be prevented by implementing these basics properly.
Get Cyber Essentials Plus certified
We handle everything — the assessment, preparation, licensing, testing and examination. One provider, one price, no surprises.
Protect your business today
Whether you need certification for a contract, insurance, supply chain compliance or simply to improve your security, our team is ready to guide you through the entire process.
Submit your details and one of our friendly team members will be in touch with you shortly