Cybersecurity Certification Schemes: Differences Between Cyber Essentials and Cyber Essentials Plus
Cyber Essentials is a UK government-backed cybersecurity
certification scheme that helps organizations protect themselves against common
cyber threats. It provides a framework of five basic cybersecurity controls
that all organizations should implement to protect themselves against the most
common cyber attacks.
Cyber Essentials Plus is a more advanced level of certification
within the Cyber Essentials scheme. It builds on the basic Cyber Essentials
certification and involves an additional independent technical assessment of an
organization's cybersecurity systems and processes.
Cyber Essentials and Cyber Essentials Plus are both UK government-backed
cybersecurity certification schemes, but there are some key differences between
the two.
1. Certification process: The Cyber Essentials certification
process involves a self-assessment questionnaire that the organization
completes and submits to the certification body. In contrast, the Cyber
Essentials Plus certification process involves an external technical assessment
of the organization's cybersecurity controls and processes carried out by an
accredited certifying body.
2. Scope of assessment: The Cyber Essentials assessment covers the
five basic cybersecurity controls, while the Cyber Essentials Plus assessment
covers the same five controls but in greater depth. The Cyber Essentials Plus
assessment includes additional testing of the organization's cybersecurity
systems, including simulated attacks, to verify that the controls are effective.
3. Level of assurance: The level of assurance provided by Cyber
Essentials is based on self-assessment, while Cyber Essentials Plus provides a
higher level of assurance, as the assessment is carried out by an external
third party.
4. Certification duration: The Cyber Essentials certification is
valid for one year. Cyber Essentials Plus is also valid for 12 months and
requires a re-certification assessment every 12 months.
5. Cost: The cost of Cyber Essentials is generally lower than Cyber
Essentials Plus, as the latter involves a more rigorous assessment process.
6. Required level of cybersecurity maturity: Cyber Essentials is designed for organizations at a basic level of cybersecurity maturity, while Cyber Essentials Plus is aimed at organizations with more advanced cybersecurity controls and processes in place.
Overall, the main difference between Cyber Essentials and Cyber
Essentials Plus is the level of assurance provided by the certification, with
Cyber Essentials Plus providing a higher level of assurance due to the more
rigorous assessment process.