Who is it for?

Who is it for?

Let’s start with the basics: Cyber Essentials is a UK Government backed scheme that is specifically designed for protecting organisations against common cyber-attacks. Achieving your cyber essentials plus certification will enable you to work with organisations such as the Central Government, MOD, Local government, and data heavy industries.

Upon passing the scheme, your business receives a Cyber Essentials Plus certification, a listing on the Cyber Essentials database, and you may also be entitled to Cyber Insurance. Cyber Essentials can be used either to certify your entire organisation, or it can be focused on a specific business unit provided that there is suitable network segregation.

The government took action in 2014 to reduce the security risk within their supply chain by introducing a mandate for any organisation embarking on a government contract to be certified against the Cyber Essentials scheme.

Cyber Essentials was introduced by the UK government to help organisations mitigate 80% of cyber threats. The National Cyber Security Centre (NCSC) encourages all organisations that are based in or trading with the UK to implement either the Cyber Essentials or Cyber Essentials Plus scheme.


How can we help?

How can we help?

Secarma consists of an experienced group of cybersecurity experts,
highly skilled in penetration testing, training, and consultancy.

Drawing on experience gained over 20 years in business and with a strong reputation to match, Secarma is the best choice for achieving your cyber essentials plus certification. We’re continuously investing in research, internal training, and technical development to ensure we provide our customers with the best service.

Our consultative approach is how we stand out from the competition. We put you in touch with one of our experienced testers from the get-go, meaning you’ll have an expert by your side throughout the process.

Our consultants are all highly accredited, passionate, and proficient not just at hacking into your systems, but also communicating to senior management and security teams how they achieved this.

By working with us, you can give your security team a better idea of what to expect, and
prepare your business for real-world attacks.

What we test

What we test

Cyber Essentials Basic:

Cyber Essentials Basic requires you to answer a series of questions covering key aspects of your information security – this helps you to understand your organisations strengths and identify your weaknesses.

Cyber Essentials Plus Certification:

On the day of testing, our expert assessor will complete the following

  • External Vulnerability Scan of public facing IPs
  • Internal Vulnerability Scan with credentials on a sample of end user
    devices and server
  • Account Segregation Test on end user devices
  • Anti Malware testing
  • Review of MFA implementation

To achieve certification, all tests must be passed. Should any remedial work be required then you will have 30 days to make any changes and then undergo re-testing.

The areas of vulnerability that Cyber Essentials aims to assess include:

  • Firewalls
  • Secure Configuration
  • Security Update Management
  • User Access Controls
  • Password Based Authentication
  • Malware Protection

By implementing these technical controls, your organisation can defend itself against the most common cyber threats whilst being part of the endeavour to make the UK one of the safest places to do business.

Achieving your Cyber Essentials Plus certification not only demonstrates an enhanced commitment to cyber security but also allows one of our technical auditors to review the implementation of security controls to ensure that they are in place and effective.


cyber essentials plus certification badge

Download our Fact Sheet


Other services

Virtual Information Security Manager

Virtual Information Security Manager

Developing and maintaining a robust cybersecurity posture can be challenging for organisations who e...

Incident Response Scenario Testing (Wargaming)

Incident Response Scenario Testing

Modern organisations face a range of cybersecurity risks and whilst every effort may be made to prev...

Build Configuration Security Review

Build Configuration Security Review

A build configuration security review can provide system administrators with a comprehensive overvie...

Cloud Configuration Security Review

Secarma’s Cloud Configuration Security Review tests the configuration of the chosen cloud provider...

Cyber Security Maturity Assessment

Our Cyber Security Maturity Assessment (CSMA) evaluates your organisation's current security program...

Threat Modelling

Threat Modelling is a structured tabletop exercise which is used to identify and mitigate potential...

Firewall Configuration Security Review

Firewall Configuration Security Review

Firewalls are an essential component of network security as they monitor incoming and outgoing netwo...

IOT Cyber Scheme

IoT Cyber Scheme

Internet of Things (IoT) is a standard against which manufacturers of IoT devices can have their dev...

Privacy and Data Protection Services

As UK data protection laws evolve away from the requirement to employ Data Protection officers, Seca...