ipfour
ServicesCybersecurityCloud Infrastructure and DevOpsMicrosoft 365 and ProductivityManaged IT SupportBackup and DRIT ConsultancyCommunications and VoIPNetwork InfrastructureEmail SecurityRemote and Hybrid WorkingCompliance and CertificationAI Services
CompanyWhy IP FourAbout UsCase StudiesSectorsContact
020 4525 3748Free Security Review
Security auditor conducting technical verification testing on enterprise network infrastructure
ComplianceCyber Essentials Plus
Cyber Essentials Plus

Cyber Essentials Plus. Independently verified. Fully trusted.

Cyber Essentials Plus goes beyond self-assessment. An independent technical auditor tests your systems directly, verifying that the five controls are not just documented but actually working. Required by government frameworks, defence supply chains, and enterprise clients who need more than your word for it.

Start Your CE Plus Certification020 4525 3748
IASME Accredited
Certified in 6 to 10 Weeks
Government Supply Chain Ready
100% Pass Rate
CE vs CE Plus

What makes Cyber Essentials Plus different.

Both certifications cover the same five controls. The difference is how they are verified. Cyber Essentials Plus requires an independent technical auditor to test your systems directly.

Feature
Cyber Essentials
Cyber Essentials Plus
Self-assessment questionnaire
IASME-accredited assessor review
Independent technical audit
Vulnerability scanning
On-site or remote technical testing
Accepted for government contracts
Required for MOD supply chain
Accepted by enterprise procurement
What the Auditor Tests

Five controls. Technically verified.

The auditor does not just review your documentation. They test your systems. Here is what they look for in each control area and how we prepare you.

1

Firewalls

Boundary firewalls and internet gateways configured to protect your network. The auditor will test that only necessary ports and services are exposed.

Audit Focus

Port scanning and firewall rule review

2

Secure Configuration

Devices and software configured securely with unnecessary features disabled. The auditor will check for default credentials and unnecessary services.

Audit Focus

Device configuration review and credential testing

3

User Access Control

User accounts with minimum necessary privileges and strong authentication for administrative access. The auditor will verify privilege separation.

Audit Focus

Account privilege review and MFA verification

4

Malware Protection

Protection against malware through anti-malware software, application whitelisting, or sandboxing. The auditor will verify protection is active and current.

Audit Focus

Malware protection verification and sample testing

5

Patch Management

Software and devices kept up to date with security patches applied within 14 days of release. The auditor will check patch levels across in-scope devices.

Audit Focus

Patch level verification across all in-scope systems

Who Needs CE Plus

When self-assessment is not enough. CE Plus is the answer.

Government and Public Sector Suppliers

Many central and local government contracts require Cyber Essentials Plus as a condition of award. The independently verified certificate is the only acceptable evidence. We prepare your environment and get you through the audit.

Defence Supply Chain

MOD and defence prime contractors require Cyber Essentials Plus from their supply chain. The technical audit provides the independent assurance that self-assessment cannot. We have experience preparing businesses for defence supply chain requirements.

Enterprise Client Requirements

Large enterprise clients increasingly require Cyber Essentials Plus rather than the basic self-assessment. If a major client is asking for it, we can get you certified before the deadline.

Cyber Insurance Requirements

Some cyber insurance policies now require Cyber Essentials Plus as a condition of cover or to access preferred premium rates. We help you satisfy the requirement and document the evidence for your insurer.

Our Process

From preparation to certificate. We handle everything.

The technical audit is the part most businesses find daunting. We prepare your environment thoroughly so there are no surprises on audit day.

01

Cyber Essentials Foundation

Cyber Essentials Plus requires a valid Cyber Essentials certificate. If you do not already hold one, we complete the self-assessment process first.

02

Technical Environment Preparation

We prepare your technical environment for the independent audit, ensuring all five controls are correctly implemented and evidenced across your in-scope systems.

03

Vulnerability Scanning

We conduct pre-audit vulnerability scanning across your in-scope devices and network to identify and remediate any issues before the auditor arrives.

04

Technical Audit Support

We support you through the independent technical audit, attending as advisors, coordinating access, and responding to auditor queries in real time.

05

Remediation (if required)

If the auditor identifies any non-conformities, we remediate them promptly and coordinate re-testing to ensure certification is achieved.

06

Annual Renewal Management

Cyber Essentials Plus must be renewed annually. We manage your renewal cycle proactively so your certificate never lapses.

Ready to Get Certified?

Get your Cyber Essentials Plus certificate. We prepare you to pass first time.

We start with a free gap analysis to identify exactly what needs to change before the technical audit. From there, we fix it, prepare your environment, and support you through to certification.

Get Your Free Gap AnalysisAll Compliance Services