Achieving Cyber Essentials Plus (Level 2)

To achieve Cyber Essentials Plus (known as Level 2), email to request a pre-assessment questionnaire which will help us to assess the costs involved in performing an on-site vulnerability assessment.

For Guidance an example of the Questionnaire is available for Download.
Level 1 self assessment questionnaire.

When completed email the document to for review, this will begin the Scoping and Costing for the on-site vulnerability test.

Why Cyber Essentials Plus?

Cyber Essentials has been developed as part of the UKs National Cyber Security Programme and aims to encourage businesses of any size to take steps towards achieving a baseline of cyber security.

It is believed that implementing the required controls could shield companies from up to 80% of the common threats from the internet.

Adopting Cyber Essentials is likely to be a major requirement to win business in many sectors in the future – and to demonstrate this, from 1 October 2014, the government requires certain suppliers bidding for certain information handling contracts to be Cyber Essentials certified.

The scheme is applicable all private sector organisations, universities, charities, and public sector organisations. . It is backed by industry including the Federation of Small Businesses, the CBI. A number of insurance companies are starting to offer incentives for organisations that conform to the scheme.

A company can gain 1 of 2 new Cyber Essentials badges: “Cyber Essentials” or “Cyber Essentials Plus”. These badges allow a company to advertise the fact that it adheres to a government endorsed standard.

Encription Limited provide Certification for Cyber Essentials Plus (Level 2).

Cyber Essentials Plus requires a self assessment to be submitted, along with supporting evidence, to Encription Limited under the signature of a senior director, stating that all the criteria have been met.

The key areas of assessment include secure configuration of firewalls and other devices capable of connecting to the internet, user access control, use of anti-virus software and the need to keep operating systems and programs up to date.

Following the Self Assessment, the company will be required to pass an on-site vulnerability assessment performed by staff from Encription Limited. These staff are fully trained to a minimum CHECK Team Member Status and each hold a minimum of SC Level Clearance.