Cyber Essentials Plus
Developed and backed by the UK government National Cyber Security Centre (NCSC), Cyber Essentials Plus is an in-depth audited program to provide businesses with assurance and clarity of their foundation security controls.
LANDR Security assists your organisation to certify to the
Cyber Essentials Plus scheme with audits and consultancy.
Cyber Essentials Plus Pre-requisites
Cyber Essentials Plus requires a valid base level Cyber Essentials certification before starting the process.
It is possible for us to bundle the two assessments into a single work package if you are not already certified.
Overview of Cyber Essentials Plus
Cyber Essentials Plus is an advanced certification extends the base verified Cyber Essentials self-assessment by auditing the evidence provided in the base assessment.
This involves rigorous remote and on-site auditing of the stated security controls, host and network based vulnerability scanning, network segregation testing and verification of deployed malware protection capabilities.
Key Components
Self-Assessment Questionnaire
- Companies must hold a valid Cyber Essentials self-assessment certified within the last 3 months, declaring their technical infrastructure and practices.
- Companies must hold a valid Cyber Essentials self-assessment certified within the last 3 months, declaring their technical infrastructure and practices.
On-Site Assessment
- An external auditor conducts an on-site assessment to verify the
self-assessment results. This includes testing the company's
security controls.
- An external auditor conducts an on-site assessment to verify the
self-assessment results. This includes testing the company's
security controls.
Five Core Areas of Focus
The audit evaluates the core Cyber Essentials themes:
- Secure Configuration: Ensuring devices and software are configured securely.
- Boundary Firewalls and Internet Gateways: Protecting the network from external threats.
- Access Control: Managing who can access data and systems.
- Malware Protection: Implementing measures to detect and prevent malware.
- Patch Management: Keeping software and systems updated to protect against vulnerabilities.
- Secure Configuration: Ensuring devices and software are configured securely.
Certification Benefits
Benefits of Cyber Essentials Plus Certification include:
- Enhanced Security Posture: Organisations demonstrate an applied commitment to cybersecurity.
- Material Reduction of Cyber Risk: The controls address the most common initial access routes, including weak configuration, missing patches, unsafe software, and poorly managed accounts.
- Demonstrate Governance: Board level sign-off and external assessment show that security is managed at leadership level, which speaks directly to customer and insurer expectations.
- Increased Customer Trust: Certification improves reputation attracting more business.
- Eligibility for UK Government Contracts: To be eligible to enter the bidding process for central UK government and defence contracts, Cyber Essentials Plus certification is a requirement.
The Cyber Essentials Plus Process
The LANDR assessment process follows the NCSC Cyber Essentials Plus test specification.
works with your organisation to scope the audit and establish time-frames and resources focuses on five key areas applied to all in-scope devices, users, applications, and cloud services.
Client Engagement & Onboarding
Whether we have already processed your base assessment or not, we work with you to understand your company structure, and onboard you onto our systems.
Scoping
Working with you, we will define the scope, time-frame, understand your technical infrastructure, devices and services.
Sample Selection & Audit
Arrangement of the testing selection, site access and resourcing.
Our pen-test team will begin the audit testing schedule, building evidence of all passes and findings.
Review & Remediation
Holding regular liaison meetings with you, we talk through findings and plan remediation actions and retesting schedules.
Get Cyber Essentials Plus With LANDR Security
Request A Quote
LANDR Security is with you every step of the way.
Our onboarding process explains the audit procedure, expected outcomes and works with you to secure your business.
Ready To Start Your Journey ?
Let's get you started. Complete the onboarding steps and we will contact you to discuss your requirements and timescales for certification.