Cyber Essentials Certification UK — CE & CE Plus, fully managed
UK government-backed cybersecurity certification, done for you. We deploy our compliance agent across every Windows, macOS, iOS and Android device, automate the five technical controls, submit to IASME and own the renewal cycle. From £103/month.
Verifying a supplier? Use our free Cyber Essentials register checker →
- IASME submission & certification fee
- Compliance agent on every device
- Free £25k cyber-liability insurance
Cyber Essentials, without the four-week project
Skip the assessor fee plus weeks of internal IT remediation. One monthly subscription covers IASME submission, the compliance agent, third-party patching, security awareness training and policy templates — on every device.
Done-for-you certification
We deploy our agent across every device, automate the five technical controls, submit your IASME-validated assessment, and own the annual renewal cycle for as long as you stay with us.
One agent, every device
Lightweight Active Protect agent for Windows, macOS, iOS and Android — up to 5 devices per user. Continuous compliance scoring per endpoint, automated remediation where possible.
Predictable monthly cost
One subscription, no surprise renewal invoice. Includes the IASME certification fee, third-party patching, awareness training, the policy manager and free £25k cyber-liability insurance.
Continuous compliance — not a one-off project
Most certifications stall on the technical evidence. Our agent does the heavy lifting so the IASME questionnaire becomes paperwork, not a remediation project — and stays passing between renewals.
- Auto-remediation, not just reporting — firewall, secure-config baselines, MFA, app patching enforced from a single dashboard
- Evidence pack built for IASME — you answer business-context questions, we submit the technical evidence
- Annual renewal owned by us — certificate fee, agent, patching, training, policies all in one monthly price
Is your email domain set up for Cyber Essentials?
Enter your business email and we'll run 8 instant DNS checks — SPF, DKIM, DMARC, MTA‑STS, BIMI, DNSSEC and more — then give you a 0–100 score and a fix list. Takes about 4 seconds.
Want a permalink to share with your team or auditor? See the full Domain Checker — SPF, DKIM, DMARC test page (with score bands, fixes and a deeper write-up).
One monthly price. Everything included.
Published prices, ex VAT, UK only. Renewal is exactly 12 months from order date. The CE Plus audit must be booked within 3 months of CE being issued (allow 3 weeks lead time).
Cyber Essentials
Self-assessment certification, fully managed. The right starting point for most UK SMEs.
| Users | Monthly | Annual |
|---|---|---|
| 1–9 users | £103.00 / mo | £1,025.00 / yr |
| 10–19 users | £134.00 / mo | £1,340.00 / yr |
| 20–49 users | £229.00 / mo | £2,285.00 / yr |
| 50–99 users | £321.00 / mo | £3,205.00 / yr |
| 100–249 users | £475.00 / mo | £4,750.00 / yr |
| 250+ users | POA | POA |
- Cyber Essentials self-assessment, including IASME submission and certification fee
- Active Protect agent for up to 5 devices per user (Windows, macOS, iOS, Android)
- 3rd-party app patching for Windows and Mac (Patch)
- 18-module Learn Lite security-awareness training
- Smart Policies — templates and policy manager
All prices ex VAT · UK only · Monthly orders are subject to a 12-month term.
Cyber Essentials Plus
Everything in Cyber Essentials, plus an independent IASME-licensed audit. Required for many UK government & MoD contracts.
| Bundle pricing | Vulnerability Manager (optional) | |||
|---|---|---|---|---|
| Users | Monthly | Annual | Monthly | Annual |
| 1–9 users | £272.00 / mo | £2,716.00 / yr | £18.50 / mo | £210.00 / yr |
| 10–19 users | £326.00 / mo | £3,255.00 / yr | £47.50 / mo | £530.00 / yr |
| 20–49 users | £421.00 / mo | £4,205.00 / yr | £123.50 / mo | £1,375.00 / yr |
| 50–99 users | £552.00 / mo | £5,520.00 / yr | £279.50 / mo | £3,095.00 / yr |
| 100–249 users | £819.00 / mo | £8,190.00 / yr | £669.00 / mo | £7,390.50 / yr |
| 250+ users | POA | POA | POA | POA |
- Everything in the Core Bundle, plus
- Cyber Essentials Plus audit and certification by an IASME-licensed assessor
- Active Protect agent for up to 5 devices per user (Windows, macOS, iOS, Android)
- 70+ module Learn security-awareness training and phishing simulation
- Privacy Toolbox — GDPR tools and document templates
- Smart Policies — templates and policy manager
- 3rd-party app patching for Windows and Mac (Patch)
- Vulnerability Manager (optional add-on): Optional add-on — continuous CE+-grade scanning and reporting on every device.
All prices ex VAT · UK only · Monthly orders are subject to a 12-month term.
Independent IASME audit — with zero drama on audit day
CE Plus is the same five technical controls — but verified by an independent IASME-licensed assessor rather than self-attested. We keep every enrolled device above the audit threshold continuously, so the assessor’s day is uneventful. Which is exactly what you want.
- External vulnerability scan of your internet-facing infrastructure
- Internal authenticated scan of a sample of every device type in scope
- Email & web malware tests — controlled phishing/EICAR payloads to confirm endpoint protection blocks them
- Account separation & MFA verification on every cloud service
Cyber Essentials vs Cyber Essentials Plus
Basic Cyber Essentials is the right starting point for most UK SMEs. CE Plus is required when a buyer’s contract or supplier portal explicitly demands it — most commonly UK government, MoD, NHS supply chain, and large-enterprise vendor onboarding for sensitive data.
| Cyber Essentials | Cyber Essentials Plus | |
|---|---|---|
| Assessment style | Self-assessment questionnaire (verified by IASME) | Independent technical audit by IASME assessor |
| External vulnerability scan | Not required | Yes — performed by the assessor |
| Internal authenticated scan of devices | Not required | Yes — sample of every device type |
| Email/web malware tests | Not required | Yes — phishing/malicious file simulations |
| Backed by NCSC | Yes | Yes |
| Includes free £25k cyber-liability insurance¹ | Yes | Yes |
| Typical time to certify (managed) | 2–4 weeks | 4–8 weeks (CE first, then audit within 3 months) |
| Required for many UK government & MoD contracts | Often baseline | Often required for MoD and sensitive data work |
| Renewal cycle | Annual | Annual |
¹ Free £25,000 cyber-liability insurance applies to UK-domiciled organisations with turnover under £20 m, when certified through an IASME-licensed body and renewed annually. Terms apply.
The five Cyber Essentials technical controls
Each of these control families is enforced automatically by our managed agent across every in-scope device — Windows, macOS, iOS and Android.
Firewalls
Properly configured boundary firewall on every internet-facing device. Default admin passwords changed, inbound services documented or blocked.
Secure configuration
Hardened baseline on every endpoint, no default passwords, unused accounts removed, auto-run disabled, drift reported automatically.
User access control
Least-privilege accounts, separate admin accounts, MFA mandatory on every cloud service. Our agent verifies enforcement.
Malware protection
Always-on endpoint protection on Windows and macOS. Platform anti-malware on iOS and Android. Application allow-listing where required.
Security update management
OS patching plus 3rd-party app patching for Chrome, Adobe, Zoom, Slack — the lot. Critical patches applied within 14 days.
From sign-up to certificate in 4 stages
Most clients are certified inside 4 weeks. Cyber Essentials Plus typically takes 4–8 weeks because of the independent audit slot.
Onboarding (week 1)
30-min scoping call — we confirm headcount, devices in scope, cloud services and the certification target (CE or CE+).
Continuous compliance
The agent rolls out across your estate. Each device is evaluated against the five controls and any remediation is applied automatically.
Submission & certification
You answer business-context questions. We attach the technical evidence pack and submit to IASME. CE typically issued in days.
Renewal & ongoing
The agent keeps you continuously compliant, so renewal is paperwork — no surprise re-implementation, no surprise renewal invoice.
In-depth guides — from scoping to renewal
Long-form articles covering every major Cyber Essentials topic for UK SMEs. Bookmark these for your project lead.
Cyber Essentials Requirements UK 2026
The IASME Requirements for IT Infrastructure v3.2 spec explained — the five controls, scope rules, password policy, MDM and cloud requirements for SMEs.
Read the spec guideCyber Essentials Questionnaire — Section-by-Section
Walkthrough of every IASME questionnaire section: what to write, common assessor pushback, and how to pass first time.
Read the answer guide£25k Free Cyber Liability Insurance
What the free Hiscox/IASME £25k cover includes, eligibility, claims process and when you should top it up.
Insurance explainedWhat is Cyber Essentials? Beginner’s Guide
Plain-English overview of the scheme: what it covers, what it costs, validity, and whether you actually need it.
Start hereHow to Get Cyber Essentials Certified
The 6-step process from scoping through to certificate — full checklist, remediation tips and realistic timeline.
Read the playbookM365 & Azure Configuration for CE
The 10 settings IASME assessors look for: Conditional Access baseline, Intune compliance and Defender setup.
Configure M365BYOD & Mobile Device Requirements
How to handle personal phones and tablets in scope: MDM enrolment vs blocking, Intune compliance settings, BYOD policy.
Handle BYODPassword Policy & MFA Requirements
The three accepted password approaches, MFA enforcement rules, and how to roll out passwordless / passkeys for CE.
Get MFA rightCyber Essentials Renewal — Full Checklist
What changes between issue dates, the 12-month renewal window, costs and how to avoid scope creep at renewal.
Renewal checklistGet Cyber Essentials certified, the easy way
One monthly subscription. We do the heavy lifting on every device. Free £25k cyber-liability insurance. Your IASME-aligned managed Cyber Essentials partner.
Cyber Essentials & CE Plus — questions, answered
What is Cyber Essentials?
Cyber Essentials is a UK government-backed cybersecurity certification scheme administered by IASME on behalf of the National Cyber Security Centre (NCSC). It certifies that an organisation has the five technical controls in place that would block the vast majority of common internet-borne attacks: a properly configured firewall, secure device configuration, user access control, malware protection and security update management.
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment questionnaire validated by IASME. Cyber Essentials Plus is the same five technical controls — but verified by an independent IASME-licensed assessor through an external vulnerability scan, an internal authenticated scan of a sample of every device type, and email/web malware tests. Plus is required for many UK government and MoD contracts; basic Cyber Essentials is often the baseline.
How much does Cyber Essentials cost in the UK?
On the Connection Technologies managed plan, Cyber Essentials starts at £103/month (£1,025/year ex VAT) for 1–9 users and includes the IASME submission and certification fee, our compliance agent on every device, third-party patching, security awareness training and policy templates. Cyber Essentials Plus starts at £272/month (£2,716/year ex VAT) and includes everything in Cyber Essentials plus the independent technical audit. All prices are ex VAT.
How long does it take to get Cyber Essentials certified?
On a managed plan, basic Cyber Essentials typically takes 2–4 weeks from kick-off — most of that is our agent reaching every device and remediating any technical gaps automatically. Cyber Essentials Plus takes 4–8 weeks because the independent audit must be booked within 3 months of basic Cyber Essentials being issued, and the assessor needs roughly 3 weeks of lead time.
Do we need Cyber Essentials Plus or is basic Cyber Essentials enough?
For most UK SMEs the basic Cyber Essentials certificate is enough — it covers procurement requirements for many private-sector contracts, qualifies you for the free £25,000 IASME cyber-liability insurance and gives you the credibility badge for your website. Cyber Essentials Plus is required if you handle MoD contracts, sensitive government data, or if your supply chain explicitly mandates it (large enterprises and the NHS increasingly do). When in doubt, ask the contract owner — most procurement portals state which level they require.
What are the five Cyber Essentials controls?
The five technical controls are: (1) Firewalls — every internet-facing device must have a properly configured firewall; (2) Secure configuration — devices and software must be configured to reduce vulnerabilities (no default passwords, unused software removed, etc.); (3) User access control — user accounts assigned only to authorised individuals with the minimum access needed, with multi-factor authentication on cloud services; (4) Malware protection — anti-malware software, application allow-listing or sandboxing on every endpoint; (5) Security update management — operating systems and applications kept patched and within their vendor-supported lifetime. Our agent enforces all five automatically.
What is included with Cyber Essentials Plus when bought through Connection Technologies?
The Complete Bundle includes: Cyber Essentials self-assessment, Cyber Essentials Plus audit by an IASME-licensed assessor, our Active Protect agent on up to 5 devices per user (Windows, macOS, iOS, Android), 3rd-party app patching for Windows and Mac, 70+ module security-awareness training (Learn) with phishing simulation, the Privacy Toolbox of GDPR templates, and our Smart Policies template manager. Pricing is published on this page (ex VAT, UK only).
Does Cyber Essentials cover BYOD (employee-owned mobiles and laptops)?
Yes — and this is one of the biggest changes in the current Cyber Essentials standard. Any device used by an employee to access organisational data or services is in scope, including personal phones used for work email. You either need to enrol BYOD devices into management (so the controls can be enforced) or remove them from scope entirely (e.g. through a hardened bring-your-own-device policy that blocks data access from unmanaged devices). Our managed service handles the enrolment side via mobile device management.
How does Connection Technologies "do the heavy lifting" for Cyber Essentials?
We install a lightweight compliance agent on every in-scope device. The agent continuously scans against the Cyber Essentials technical controls, automatically pushes the fixes that can be remediated remotely (firewall configuration, secure-config baselines, app patching, MFA enforcement on cloud services), surfaces a compliance score per device, and produces the evidence pack that gets submitted to IASME. You answer business-context questions; we handle the technical evidence and renewal cycle.
Do you provide the £25,000 cyber-liability insurance with Cyber Essentials?
Yes — when you certify through Connection Technologies (an IASME-aligned partner), eligible UK organisations with annual turnover under £20 million automatically receive £25,000 of free cyber-liability insurance with their Cyber Essentials certificate at no extra cost. The cover is renewed annually with your certification.
How often do I need to renew Cyber Essentials?
Cyber Essentials and Cyber Essentials Plus must be renewed every 12 months from the certification issue date to remain valid. On our managed plan, renewal is built into the subscription — our agent keeps you continuously compliant between certifications, so renewal is largely a paperwork exercise rather than a re-implementation project.