Cyber Essentials Plus

Purpose

Cyber Essentials Plus is the highest level of assurance under the scheme. It builds on the standard certification by adding an independent technical audit, verifying that your security measures are effective in practice. For SMEs in regulated sectors or pursuing government contracts, Plus offers maximum credibility and trust.

What’s Included

Pre-audit assessment to identify and resolve vulnerabilities in advance
Tailored remediation guidance to prepare your systems for the audit
Coordination with the accredited Certification Body to streamline the process
Audit support and representation to reduce complexity and stress
Post-audit recommendations for strengthening resilience beyond certification

Benefits

Gain the strongest signal of cybersecurity maturity under the Cyber Essentials scheme
Meet requirements for government and high-value supply chain contracts
Reassure clients, investors, and partners through independent validation
Identify and address hidden vulnerabilities before attackers exploit them
Build confidence and readiness for more advanced frameworks like ISO 27001 or SOC 2

Frequently Asked Questions

It builds on Cyber Essentials with an independent technical audit. Instead of self-certifying, an external assessor tests your systems to ensure the controls are actually effective.

Yes. You must first achieve Cyber Essentials certification before applying for Cyber Essentials Plus.

The auditor will run vulnerability scans, check your patch management, test your malware protection, and ensure your systems are configured securely.

It can be challenging if gaps exist, but with preparation and support from Phenomlab, most SMEs can achieve it smoothly.

If you want to win larger contracts, strengthen supply chain trust, or demonstrate a higher level of security maturity, Plus provides that independent validation.

Cyber Essentials Comparison

Feature / Level	Cyber Essentials Light (Readiness)	Cyber Essentials (Official)	Cyber Essentials Plus (Audited)
Purpose	Informal gap analysis to prepare for certification	Government-backed self-assessment certification	Full certification with independent audit
Official Certification	No	Yes	Yes
Assessment Method	Consultancy-led review & recommendations	Self-assessment questionnaire	Independent technical audit + testing
Cost Level	Low (entry-level)	Moderate (affordable for SMEs)	Higher (audit costs included)
What You Get	Action plan; gap analysis; readiness report	Cyber Essentials certificate valid for 12 months	Cyber Essentials Plus certificate valid for 12 months
External Validation	No	No	Yes
Supply Chain / Contract Readiness	Basic reassurance	Required by many UK contracts	Required by government & high-trust contracts
Best For	Startups & SMEs exploring certification	SMEs needing formal certification	SMEs scaling; handling sensitive data; or working in regulated supply chains
Progression Path	Prepares you for Cyber Essentials	Can be upgraded to Plus	Highest assurance level

Cyber Essentials Comparison

Cyber Essentials Light (Readiness)

Purpose: Informal gap analysis to prepare for certification
Official Certification: No
Assessment Method: Consultancy-led review & recommendations
Cost Level: Low (entry-level)
What You Get: Action plan; gap analysis; readiness report
External Validation: No
Supply Chain / Contract Readiness: Basic reassurance
Best For: Startups & SMEs exploring certification
Progression Path: Prepares you for Cyber Essentials

Cyber Essentials (Official)

Purpose: Government-backed self-assessment certification
Official Certification: Yes
Assessment Method: Self-assessment questionnaire
Cost Level: Moderate (affordable for SMEs)
What You Get: Cyber Essentials certificate valid for 12 months
External Validation: No
Supply Chain / Contract Readiness: Required by many UK contracts
Best For: SMEs needing formal certification
Progression Path: Can be upgraded to Plus