Cyber Essentials Plus pathway
A practical end-to-end pathway to Cyber Essentials Plus certification – assess, remediate, certify and maintain.
The pathway
Gap assessment
IASME-aligned audit of devices, accounts, patching, malware protection and firewalls.
Remediation
Hands-on or guided fixes – Microsoft 365 hardening, MDM, patching cadence and user accounts.
Audit support
We sit alongside you through the IASME certifying-body audit and evidence pack.
Maintain
Annual renewal, configuration drift checks and ongoing security advisory.
Why Cyber Essentials Plus matters
- Required for many UK government contracts
- Widely recognised by cyber insurers
- Demonstrable assurance to enterprise clients
- Reduces likelihood of common attacks
- Independent IASME audit, not self-assessment
- Annual renewal keeps controls fresh
Need broader security beyond certification? See our full cyber security service – penetration testing, SOC support and incident response.
Trusted by
A selection of regulated, scale-up and enterprise clients we deliver for.
- Cornish MutualInsurance
- AXA / PHCHealthcare insurance
- Pax2PayTravel payments
- MulticomTravel technology
- Quartz GroupMining & ERP
- John LewisRetail
Frequently asked questions
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment of five technical controls. Cyber Essentials Plus adds an independent hands-on audit of a sample of devices by an IASME-licensed certifying body.
How long does the pathway take?
Typical SMEs reach Cyber Essentials Plus in 6–10 weeks from kick-off, depending on remediation scope.
Do you handle Microsoft 365 hardening?
Yes. Conditional access, MFA, account separation, mailbox audit logging and Defender configuration are all in scope.
Does this cover cyber insurance requirements?
Cyber Essentials Plus is widely recognised by UK cyber insurers and is increasingly a precondition for government and enterprise contracts.