Cyber Essentials Plus
The hands-on tested version of Cyber Essentials, requiring an independent assessor to verify the five technical controls through external vulnerability scanning and configuration audit rather than self-assessment alone.
How it works
Cyber Essentials Plus (CE+) is the assured version of Cyber Essentials. Where Cyber Essentials is a self-assessed certification, Cyber Essentials Plus requires an accredited assessor to perform external vulnerability scanning, internal verification of patch and configuration controls, and a sample-based test of malware protection. The certification provides higher assurance and is required for certain UK government contracts (notably some MoD and NHS DSPT-aligned procurement). For UK regulated buyers, it raises the bar above the self-assessed baseline. The CE+ certification cycle is annual.
Related terms
Cyber Essentials
A UK government-backed certification scheme covering five baseline technical security controls: boundary firewalls, secure configuration, user access control, malware protection, and patch management.
ISO 27001
The international standard for information security management systems (ISMS), specifying a framework of policies, controls, risk assessment, and continuous improvement for protecting information assets.
NHS DSPT (Data Security and Protection Toolkit)
The annual self-assessment NHS organisations and their suppliers must complete to demonstrate compliance with the data security standards required to handle NHS patient data and connect to NHS systems.