Get Cyber Essentials
certified. Without
the headache.
Cyber Essentials is a UK government-backed certification that proves your business takes security seriously. We handle the technical controls, policies and configuration — so you can get certified without it taking over your week.
Cyber Essentials
UK government-backed certification. Included in our Protect package.
Covered by ProtectPlain English.
No jargon.
Cyber Essentials is a UK government-backed certification scheme that helps businesses protect themselves against the most common cyber attacks. It was developed by the National Cyber Security Centre (NCSC) and is now recognised across government, public sector and an increasing number of private businesses.
It's built around five technical controls that, when properly implemented, protect against the vast majority of common cyber threats — things like phishing, ransomware and unauthorised access.
Think of it as a baseline standard. Not a guarantee of perfect security, but a clear, credible signal that your business has the fundamentals right. For many of our clients, getting certified opens doors — to contracts, to tenders, and to the peace of mind that comes from knowing your basics are covered.
Government-backed scheme
Developed by the NCSC — the UK's authority on cyber security.
Protects against 80%+ of attacks
The five controls protect against the most common attack types targeting small businesses.
Two levels: Basic and Plus
Cyber Essentials (self-assessed) and Cyber Essentials Plus (independently verified). We help with both.
Built for businesses like yours
Designed to be achievable for small and medium-sized businesses — not just large enterprises.
Four very good reasons
to get certified.
Cyber Essentials isn't just a box-ticking exercise. For most of our clients, it makes a real, practical difference to their business.
Win more contracts
Central government suppliers must hold Cyber Essentials. An increasing number of private sector clients require it too — particularly in construction, finance and professional services.
Actual security
This isn't just a certificate for the wall. The five controls, properly implemented, genuinely reduce your risk. Most successful attacks exploit the same basic weaknesses — Cyber Essentials closes them.
Protect your reputation
A cyber incident doesn't just cost money — it damages the trust you've spent years building. Being certified signals that you take data security seriously, before anything goes wrong.
Cyber insurance
Many insurers now offer reduced premiums — or require certification — for cyber liability policies. Getting certified can directly reduce your costs and improve the cover available to you.
Five controls.
Plain English explained.
Cyber Essentials is built around five technical areas. Here's what each one means in practice — and why it matters.
Firewalls
Boundary firewalls and internet gateways that control what traffic can enter and leave your network. Stops attackers getting in through open doors.
Secure configuration
Making sure devices are configured securely — removing unnecessary software, changing default passwords, disabling features that aren't needed.
User access control
Ensuring people only have access to the data and systems they actually need. Limiting what an attacker can reach if they compromise an account.
Malware protection
Protecting devices against viruses, ransomware and malicious software through up-to-date endpoint protection and safe browsing controls.
Patch management
Keeping software and operating systems up to date. Most successful attacks exploit known vulnerabilities that patches have already fixed — but nobody installed.
From zero to certified.
We handle the hard part.
You don't need to become a security expert. That's what we're here for. Here's how a typical Cyber Essentials journey looks with ISS.
Gap assessment
We review your current setup against the five controls and give you a clear, honest picture of where you stand and what needs to change.
Technical remediation
We implement the required controls — firewall configuration, Microsoft 365 security, patch management, endpoint protection and access controls.
Policy support
We help you put the right security policies in place — the documented guidance your team needs to maintain good security habits day to day.
Certification & beyond
You complete the self-assessment questionnaire with our support and submit for certification. We then maintain your controls so you stay compliant.
Cyber Essentials readiness
is built in.
Our Protect package is specifically designed around the Cyber Essentials framework. Everything you need to get certified — and stay certified — is included as standard. No add-ons, no extra project quotes.
- Cyber Essentials readiness — controls aligned to NCSC requirements
- Microsoft 365 security configuration
- 24-hour endpoint detection & response
- Cyber Essentials IT policy support
- Network vulnerability scanning
- User security awareness training
- Microsoft 365 identity threat monitoring
Questions we get
asked a lot.
It depends on your current security posture. If you're starting from scratch, allow 4–8 weeks for us to implement the required controls and get you ready for the self-assessment. If you're already on our Protect package, you may already be close to ready.
Cyber Essentials is a self-assessed questionnaire. Cyber Essentials Plus adds an independent technical verification where an assessor actively tests your systems. Plus carries more weight but costs more and takes longer. Most small businesses start with the basic certification.
Not legally — but it's increasingly expected across the private sector too. More clients, particularly larger businesses, are asking their suppliers to hold Cyber Essentials as standard due diligence. The underlying controls are also simply good security practice for any business handling client data.
The certification body's assessment fee starts at around £300–£500 depending on your organisation size. This is separate to our support costs. What our Protect package covers is the technical preparation — implementing the controls and getting you ready to pass.
Yes — Cyber Essentials certification is valid for 12 months and needs annual renewal. Because our Protect package maintains the required controls as part of your ongoing service, renewal is straightforward. You're not starting from scratch each year.
Antivirus covers one of the five controls (malware protection) — but there are four others that also need to be properly implemented. It also matters which antivirus and how it's configured. Our gap assessment will tell you exactly what counts and what needs changing.