Cyber Essentials Plus is a government-backed certification that shows your business has strong cyber security controls in place. Unlike the basic Cyber Essentials (which is a self-assessment), Plus includes a hands-on technical audit carried out by one of our qualified assessors.
Step 1 – Complete Your Cyber Essentials (Basic)
Before you can move on to Cyber Essentials Plus, you must first pass the Cyber Essentials self-assessment. See our guide: Gain your Cyber Essentials certificate – step by step
Once you’ve passed, you can begin the Plus process.
Step 2 – Book Your Cyber Essentials Plus Audit
Our Cyber Support Team will contact you to arrange a date for your audit with one of our assessors.
You’ll then receive a booking confirmation email which will include a link to schedule your Pre-Engagement Call.
This call must be booked at least 14 days before your audit date.
Step 3 – Provide Your Technical Information
A member of our Support Team will ask you to upload:
Your device inventory list
Your external IP addresses
You’ll receive a secure upload link in your email.
Step 4 – The Pre-Engagement Call
During this call, our assessor will:
Review your setup and systems
Agree on the sample of devices to be tested during the audit
Explain the next steps
After the call, our Technical Support Team will send you a link to install the Cyber Essentials Plus Agent on the sample devices.
Step 5 – Install the Agents and Fix Any Issues
Use the link provided to install the Agents on your sample devices.
Once installed, you can view and fix any vulnerabilities found through our daily scanning platform, CyberIntel. Watch: How to use CyberIntel for scanning
Important: You must fix all vulnerabilities with a CVSS score above 7.0 before your audit date.
Step 6 – The Audit Day
On the day of your Cyber Essentials Plus audit:
You’ll join a Microsoft Teams call with the assessor
All sample devices must be turned on and accessible
The assessor will carry out the following tests:
Internal and external vulnerability scans
Malware protection test
Multi-Factor Authentication (MFA) check
Account separation review
Mobile device checks
Step 7 – Getting Your Results
✅ If You Pass
You’ll receive your Cyber Essentials Plus certificate on the same day.
See: Who receives the Cyber Essentials certificate?
❌ If You Don’t Pass
The assessor will email you with:
The reason(s) for failure
Details of what needs fixing
Instructions for arranging a retest
You’ll need to fix all issues shown in your assessor’s email and any remaining vulnerabilities in CyberIntel.
Once everything is resolved, contact our Support Team to book your retest.
Retests must be completed within 14 days of your original audit date.
You can have multiple retests within the 14-day window if needed.
Please note, each retest will incur an additional fee.
Contact: Use our Live Chat or email us at [email protected] for more information.