Discover your certification today Browse
Open page navigation
compliancecyber securitydata breachesdata protection

Swift, streamlined and secure - the fastest and most secure way to achieve the Cyber Essentials certified badge. Complete the entire process online.

Cyber Essentials Certification

Protect your organisation from cyber-based threats.

APMG’s accredited certification bodies provide both Cyber Essentials and Cyber Essentials PLUS.  

Cyber Essentials

  • Self-assessment questionnaire completed entirely online, at your own pace.
  • Confirms your company’s IT systems comply with essential cyber security controls.
  • Assurance that your company is protected against the most common cyber-attacks.

Cyber Essentials PLUS

  • Provides maximum cyber security assurance.
  • An assessor will visit your office(s) to perform an on-site assessment.
  • Involves an internal vulnerability scan of your network – including workstations and mobile devices.
Get certified in three easy steps

Unparalleled Cyber Essentials certification experience

Swift certification

  • Companies have been certified within an hour using APMG’s online Cyber Essentials platform.

Get certified, your way

  • Complete the online questionnaire at your own pace. Save your progress at any point.

Trusted certification bodies

  • APMG is world renowned for its rigorous accreditation standards. You can be confident in the exceptional ability of our accredited certification bodies.

Transparent, all-inclusive pricing

  • Your upfront fee will include the full Cyber Essentials experience. Standard Cyber Essentials certification has a fixed fee of £300+VAT. 

Why Cyber Essentials certify?

Attract new business

  • Cyber Essentials certification proves to prospective clients that your business has the essential cyber security measures in place.

Get protected

  • Cyber Essentials certification confirms that your business is safe against the majority of cyber threats.

Progress towards GDPR compliance

  • GDPR regulation comes into effect on May 25th 2018. Cyber Essentials certification proves your business has taken the first step towards compliance.

Bid for Government contracts

  • Cyber Essentials certification is mandatory for many central government contracts which involve handling personal information and delivering certain ICT products and services.

Get certified

Cyber Essentials Accreditation

APMG is a UK Government appointed Cyber Essentials Accreditation Body – responsible for accrediting Cyber Essentials Certification Bodies.

Certification Bodies perform Cyber Essentials assessments and award companies their certificates.

APMG has been accrediting organizations for over two decades and its exemplary accreditation standards are world-renowned.

APMG-accredited Cyber Essentials Certification Bodies are instantly recognized for their exceptional assessors and service – having undergone rigorous third-party assessment.

The ultimate Cyber Essentials Certification Body experience

APMG is the only Cyber Essentials Accreditation Body to host its Certification Bodies on a user-friendly online portal.

The online portal makes assessing applications, connecting with clients and processing certificates easy and secure.

The online portal has been fully penetration tested and optimised for efficiency – to save time and money for your organisation.

Streamlined application process from start to finish:

  • Email all your assessors when there is a new application available.
  • Allow your assessors to communicate to the client and comment on the applications.
  • Return applications to the client for further review.
  • Review clients’ submitted documentation and evidence.
  • Manage your own assessors.

Apply to become a Cyber Essentials Certification Body

To begin – please complete the application form and email it to our Cyber Essentials team:

Download application form

Apply

RELATED PRODUCTS

Large pile of timber logs perfectly stacked

ISO/IEC 27001

Demonstrate exemplary management of information security

View more
Hot air balloons ascending into the clouds

Cloud Computing

Smooth ascension into the cloud

View more
Person stood on a cliff edge looking upon clouds rolling through mountains

The Cloud Industry Forum (CIF) Code of Practice

Ensure your cloud services are a beauty to behold

View more

TESTIMONIALS

MDG are pleased to be recently certified and found the process relatively straight forward and simple to apply.

Tony Crawford, Mersey Design Group Ltd

We found the APMG certification process extremely thorough and well-documented. We were delighted to be accredited first time and so quickly, as we place great emphasis on all aspects of IT security.

Hugh Silberrad, Polyformes Ltd

Our experience with applying for the Cyber Essentials certification has been a very smooth process. It was very speedy from the point we registered through to the certification being granted. There were helpful guides available and the application itself was well laid out and easy to work through. We’d highly recommend for anyone looking to certify their proactive approach to potential cyber security threats.

Liv Morris, Water Direct

The entire experience with APMG has been highly satisfactory in all aspects and we look forward to continued contact and working with you in the future.

Dan Brereton, Imperial Civil Enforcement Solutions

Cyber Essentials accreditation for us was swift and painless and, as we had a lot of the pre-existing documentation, we were accredited in under 24 hours. It’s given us a massive advantage at securing and discussing requirements with new, bigger customers.

Daniel Dainty, Kamazoy Virtual IT Department

I found the certification process with the APMG system to be very straightforward and easy to use, I had no issues throughout the process.

Keltie LLP

The APMG system was great. Easy and straightforward to use.

AxonIT

The process with APMG was without stress and very straight forward. The people were very helpful, and the software and user guides easy to use. I would definitely use them again.

Helen Taylor, Tricostar

JR Connections are pleased to be Cyber Essentials Certified and found the process thought provoking but very worthwhile

John, JR connections

Cyber Essential Certification with APMG was extremely straight-forward with their slick system, allowing for a swift certification process. Highly Recommended

Alex Sweeting, 4 Ways Diagnostics

Our Certification process with APMG was a quick and rewarding process. We will definitely use APMG in the future and recommend them to anyone wishing to secure their I.T. infrastructure.

Barry, HMG Paints

We had a very straight forward experience getting certified by APMG, the team helped quickly and effectively when we had questions, and it took us around 24 hours to get certified!

Evan, Icelantic

APMG made registering very easy, online user guide was helpful & the process was very quick.

Martine, Hammond Clarke

CONTACT US

FAQs

How do I get a Cyber Essentials badge for my organisation?

To begin the Cyber Essentials certification process - please visit our online Cyber Essentials portal.

There you will see the list of APMG accredited Cyber Essentials Certification Bodies - choose one to start the application process.

The rest of the journey will be clearly explained.

If you are doing the standard Cyber Essentials level - your self-assessment Cyber Essentials questionnaire will be reviewed by your Certification Body's assessor.

When successful - you will be awarded your Cyber Essentials certification and badge.

How long does the Cyber Essentials certification last for?

Both Cyber Essentials and Cyber Essentials PLUS certificates last for 12 months from the date of certification. Our system will automatically issue you with a warning prior to expiry, so that you never miss your renewal date. 

How do I know what will be in scope for my Cyber Essentials assessment?

Cyber Essentials certification can cover the whole of an organisation’s enterprise IT, or a sub-set.

Whether the whole or a part of the organisation is subject to certification, the scope must be clearly defined in terms of the organisation or business unit managing it, the network boundary and physical location.

The name on the certificate must be consistent with the scope.

Cyber Essentials is not intended for use with bespoke IT systems such as those found in manufacturing, industrial control systems, on-line retail and other environments.

Whilst the fundamentals of Cyber Essentials are equally applicable, these types of system will have different constraints, attack vectors and vulnerabilities.

In general, the areas that will be in scope are those that affect the security of your information and over which you have control. That will include any IT equipment within your offices or properties from where you operate. 

It will also include any outsourced services where you have a specific contract (such as for the provision of IT equipment) as distinct from a “generic” contract with people like Google for Gmail email services. 

This might mean you need to check with your service provider exactly how they deal with your information and the security of the services they provide to you.

Who needs to complete the online Cyber Essentials self-assessment questionnaire?

The person completing the online Cyber Essentials self-assessment questionnaire can be anyone within your organisation.

However as part of the application process - all applications that are submitted to a certification body for assessment must be signed off by a senior staff member. This is to confirm that all answers given are true.

For more details on how to sign off your companies please see the user guide which can be downloaded from our online Cyber Essentials portal.

Who needs to authorise the completion of the Cyber Essentials self-assessment questionnaire?

The responsibility and accountability for information security lies at board level. It is therefore a requirement that a senior executive signs off on the questionnaire to demonstrate that whilst someone else might have provided the information, there is senior level commitment to information security within the organisation.

Who should be on the telephone interview to review the Cyber Essentials self-assessment questionnaire?

It's the job of your chosen Certification Bodies’ assessors to ensure that information given is as accurate and comprehensive as it needs to be in order to meet the requirements of the Cyber Essentials certification.

When they contact you, they will be seeking to ensure that you have provided all the relevant information and to address any gaps or vagueness there might be in your answers. 

You may therefore require the assistance of the technical support either in-house or from an outsourced supplier as applicable.

Will Cyber Essentials stop me getting hacked?

Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon.

Implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and organisations facing these threats will need to implement additional measures as part of their security strategy.

I do not operate my own ISP / have a server, just a laptop / desktop. Is Cyber Essentials suitable for me?

Cyber Essentials is most certainly suitable for you. Whilst you might think you are not likely to be a target for an attack from the internet, the fact that you are a small organisation suggests to attackers you might be doing less to protect yourself.  They will therefore see you as an easy target. 

Cyber Essentials will help to ensure you will not fall victim to such attacks or can recover from them more effectively if you do.

Will my chosen Cyber Essentials Certification Body help me fix any issues or prepare for the Cyber Essentials assessments?

At no time will the Certification Body's assessors offer to fix or correct any issues you might have. 

APMG see this as a clear conflict of interest. Assessors are more than happy to help organisations prepare for Cyber Essentials or Cyber Essentials PLUS, but if they become consultants helping the organisation in a significant way, they will pass the assessment duties to another Certification Body.
If you require consultancy services please choose a Certification Body via our online Cyber Essentials portal and contact it directly.

How long will it take me to complete my Cyber Essentials Certification?

You can complete your certification from initial registration to certification easily within 48 hours, perhaps even sooner (it's happened before within an hour).

APMG Certification Bodies will return an application within two working days and assuming that your application is of a sufficient standard and no further information is required - you will receive your certification on the day you are notified.

However, most applications are not perfect the first time around and so this could incur some delay.

For quick certification please ensure that you provide comprehensive answers to all the questions on the questionnaire, and ensure that you upload as much evidence as required in the documentation section.

How much does it cost to become a APMG-accredited Cyber Essentials Certification Body?

The cost of becoming a Certification Body with APMG for Cyber Essentials and Cyber Essentials PLUS is £1200 and £1700 respectively. This is payable every three years.

What are the requirements for being an APMG-accredited Cyber Essentials Certification Body?

There are two paths for being an APMG Certification Body.
The first is to be accredited to any of the following standards:

  • 17020:2012
  • 17021:2011
  • 17024: 2012
  • 17065:2012

The second is to supply your full Quality Management System (QMS) to APMG for review by our Standards Team. The application is based on how the processes within your QMS address the following areas:

  • A process to describe how you cover your financial liabilities..
  • An organisational chart showing all staff positions.
  • A process to show how your organisation selects which of your assessors is assigned to which client’s application.
  • A description of your facilities and equipment (hardware/software), that would be used in the management of the client’s applications.
  • A process to describe how your organisation handles subcontractors (including evaluation and training); including a list of currently employed subcontractors.
  • A process to describe your organisation’s complaints procedure – how they are logged, tracked, handled and closed. This should include appeals and your companies SLAs.
  • A process to show how your organisation manages and controls your continual improvement.
  • A process to describe how you audit, and manage your QMS internally.
  • A process to describe how you control hard and soft documents internally.

You must also be Cyber Essentials certified in order to be a Certification Body for Cyber Essentials.

FIND ME A TRAINING PROVIDER

Please tell us your training requirements and we'll find you a training provider

BECOME A TRAINING ORGANISATION

Please provide your company details to begin your journey to becoming accredited