Everything You Need To Know About Cyber Essentials Certification

No matter the size of an organisation or the industry you work in, cybersecurity is an important issue. So, what exactly is Cyber Essentials Certification, and why does it matter to your business?

Put simply, Cyber Essentials is a cybersecurity certification program developed by the government to help organisations of all sizes protect themselves against the most common online threats.


It focuses on introducing fundamental measures that significantly reduce your risk of cyberattacks. The program is highly accessible and can be used by everyone from start-ups to large corporations.

By getting Cyber Essentials Certification, you will demonstrate that you have successfully implemented a set of basic cybersecurity controls to guard against common online threats. At Andrew Dodd Assessment Services Ltd, we’re here to help you do exactly that.

What are the key components and requirements of the Cyber Essentials Certification?

Firstly, you should have these five essential forms of protection against cyberattacks:

  1. Firewalls. Configuring and maintaining firewalls to protect your network from unauthorised access.

  2. Secure Configuration. Ensuring that computers and network devices are configured securely and with minimal vulnerabilities.

  3. User Access Control. Managing user accounts and permissions to restrict access to authorised personnel only.

  4. Malware Protection. You must have measures to protect against malware, including antivirus and anti-malware software.

  5. Patch Management. This means keeping software up to date with the latest security patches to address known vulnerabilities.

These controls are designed to address known vulnerabilities that cybercriminals often exploit.

Secondly, you will need to carry out a self-assessment questionnaire, which covers numerous factors linked to the above. You will also need to provide evidence and documentation of your compliance with these controls.


In order to get Cyber Essentials Certification, you will also need to undergo an external vulnerability assessment. 

This must be performed by an independent third party, such as our team at Andrew Dodd Assessment Services Ltd. This assessment involves a real-world test of your systems and defences to identify potential vulnerabilities.

There are two levels of certification within the Cyber Essentials scheme.

First, there is Cyber Essentials, which requires businesses to complete the self-assessment questionnaire and submit evidence of compliance. This mainly focuses on self-assessment.

Then there’s Cyber Essentials Plus, which involves a more rigorous assessment process. This means you must not only complete the self-assessment questionnaire but also undergo an external vulnerability assessment. This certificate therefore provides a higher level of assurance.

Andrew Dodd Associates is a Cheshire-based IASME Cyber Essentials, Plus and Assurance Certification Body. We can help get the right certification for your requirements.

What are the benefits of getting accreditation?

Achieving Cyber Essentials Accreditation can offer several benefits, including:

  • A better reputation with regard to cybersecurity

  • Reduced risk of cyberattacks

  • More confidence from clients and investors

  • Potential eligibility for certain government contracts that require cybersecurity certification.

It's important to note that while Cyber Essentials Certification can greatly improve your cybersecurity practices, it is not a comprehensive solution and should be part of your broader cybersecurity strategy.

You will need to stay updated on emerging threats and best practices to ensure your defences are effective against evolving cyber risks.

If you need more information on getting accreditation, simply contact our friendly team today.