Start typing to search
  • Popular Searches
  • AI governance
  • Data privacy and the GDPR
  • PCI DSS
  • Cyber essentials
  • ISO 27001
  • SOC 2
Get a quote
cyber security assurance

Cyber Essentials Certification Support

Cyber Essentials is the UK government's flagship cyber security scheme. Get certified to access government contracts, demonstrate reliability and secure your data.
View pricing Get practical advice

Choose the right certification path for your organisation

Self-certification

Self-paced certification with basic support and tools.

from
Get started
  • Cyber Essentials certificate
  • Cyber insurance of up to £25,000
  • Direct communication with a technical assessor
View full product details

Most popular

Get a Little Help

Full support through the certification process with expert guidance.

from
Get started
  • Cyber Essentials certificate
  • Cyber insurance of up to £25,000
  • Consultancy support
  • 2 hours’ support included
View full product details

Get a Lot of Help

Comprehensive certification programme for complex organisations.

from
Get started
  • Cyber Essentials certificate
  • Cyber insurance of up to £25,000
  • Consultancy support
  • 1 day’s support included
View full product details

Trusted by the world’s top organisations

Our five-step methodology

Swipe to view more
Step one

Define the scope

Certification can apply to an organisation’s full enterprise IT or just to a subset. Either way, the scope needs to be clearly defined before the certification process can get underway.

Step two

SAQ (self-assessment questionnaire) and Cyber Essentials certification

The next step is to complete the questionnaire. We review the completed SAQ before submission to check it meets the scheme’s requirements. Successful applications are issued a Cyber Essentials certificate.

Step three

Technical assessment (Cyber Essentials Plus only)

Organisations seeking certification to Cyber Essentials Plus are also required to go through a technical audit. This includes a series of internal vulnerability scans and tests of the in-scope system(s) and the SAQ.

Step four

External scan (Cyber Essentials Plus only)

An external vulnerability scan of your Internet-facing networks and applications is used to verify that there are no obvious vulnerabilities. As the tests are external, they are performed off-site.

Step five

Cyber Essentials Plus certification

Once the assessment, internal scan and external scan are finished, you will get your Cyber Essentials Plus certificate.

Why choose GRC Solutions?

GRC Solutions, formerly IT Governance Ltd, is one of the founding Cyber Essentials certification bodies and remains one of the largest in the UK, issuing more than 9,000 certificates to date.

Real stories. Real results.

Very easy process to follow and helpful staff on hand to help with any queries. Highly recommended.”

Liam

Very easy process to follow and helpful staff on hand to help with any queries. Highly recommended.”

Hazel

Very easy process to follow and helpful staff on hand to help with any queries. Highly recommended”

Johnathan

Cyber Essentials FAQ

Cyber Essentials contains five basic technical controls that help organisations prevent the most common cyber security threats, such as phishing and malware.

By certifying to Cyber Essentials, your organisation will reduce its cyber risks and enhance your reputation, with the certificate acting as proof to stakeholders that you take security seriously.

Organisations are required to pay for Cyber Essentials certification, whether they self-certify or seek third-party support.

If you certify via GRC Solutions, the certification costs begin at £420 + VAT, and increase depending on the size and complexity of your organisation and the level of support you are seeking.

Before beginning the certification process, you can view the Cyber Essentials self-assessment questions online for free. This can help you understand how the scheme works and prepare for certification.

Cyber Essentials is recommended for UK organisations of all sizes and across all sectors, including sole traders, public institutes and charities.

This is because the scheme provides the baseline level of security recommended by the UK government, and its controls can prevent the majority of common cyber attacks.

Cyber Essentials certification is valid for 12 months. To maintain compliance, organisations must complete a new assessment and recertify annually. This ensures that certified organisations’ regularly check that their technical controls continue to work as intended account for any new risks that emerge.

Cyber Essentials is mandatory for organisations that intend to bid on certain government contracts – particularly those involving sensitive personal data.

Some private sector organisations also make Cyber Essentials certification a contractual requirement for its suppliers.

Cyber Essentials is not a legal requirement, but it is a government-backed scheme that outlines the minimum expected level of cyber security.

Organisations are only eligible to win certain government contracts if they are certified to the scheme, while some private-sector organisations require suppliers to certify to Cyber Essentials.

Cyber Essentials. Let’s get to work.

Trust a company that has issued more than 12,000 certificates and has received a ‘World-Class’ NPS (Net Promoter Score) of +100.

IT Governance, a GRC Solutions company, is one of the founding Cyber Essentials certification bodies and remains one of the largest in the UK.

If you’re looking for guidance, practical advice or consultation, we can help.

✅ Fast, practical certification support
✅ Reduce cyber risk with essential controls
✅ Build trust and win more business