
APMG Cyber Essentials is the quickest and most secure way to get certified.

ONLY £300

Cyber Essentials is an industry-supported certification scheme developed by the UK Government. The scheme provides criteria against which organizations can measure their cyber security by implementing 5 key controls that can prevent 80% of cyber attacks.

Why should you get a Cyber Essentials Certification?

The government's Cyber Essentials page states: "Cyber criminals don’t just attack banks and large companies - they target any organisation which isn’t properly protected, even small businesses - like yours".  

Cyber Essentials has numerous benefits for organisations looking to achieve certification to the scheme.

  • It's cost-effective. The standard Cyber Essentials certification with APMG will always be £300 + VAT. When seeking out cyber insurance, a Cyber Essentials certificate for your organisation can significantly lower your premium.

  • It's government-endorsed. Cyber Essentials is a government-endorsed certification scheme, which allows your organisation to bid for government contracts. We've seen an exponential increase in organisations making Cyber Essentials mandatory for their supply chain, especially for government sectors such as the Ministry of Defence (MOD) or the Nuclear Decommissioning Authority (NDA).

  • Stand out from your competitors. By displaying the certification badge on your website, you are demonstrating to your clients that your organisation has met government standards and has measures in place to keep clients' information secure.

  • Meet the new EU General Data Protection Regulation (GDPR) requirements. When the new GDPR rules reach the UK, organisations can be fined by the EU 4% of their annual global turnover if they suffer a breach. Cyber Essentials implementation will help organizations meet the requirements.

Why was Cyber Essentials Introduced?

The cyber space climate is such that instances of cyber security breaches are becoming increasingly frequent.  Many organizations are making the wise move of implementing controls such as ISO27001 - but such efforts only constitute a single aspect of an over-arching cyber security strategy.

Cyber Essentials has been developed to address the need for government and wider industry to ensure that their partners and suppliers are implementing a standard level of cyber security. Certification in Cyber Essentials not only instils confidence in the organization achieving certification – but allows the organization to provide evidence to its customers and stakeholders that their assets and data are resilient against cyber threats.

Which controls does Cyber Essentials cover?

  • Boundary firewalls and internet gateways – prevention of unauthorized access
  • Secure configuration – ensures secure system configuration
  • Access Control – ensures appropriate access to systems
  • Malware protection – installation and maintenance of virus and malware protection
  • Patch management – application of patches and ensuring the latest version of applications is used

What levels of Cyber Essentials are available?

Cyber Essentials certification will provide a basic level of confidence that an organization has implemented cyber security controls effectively.

Cyber Essentials Plus builds on the Cyber Essentials foundations. Certification at this level tests whether the organization’s implemented controls are sufficient to protect against internet based threats. Achieving Cyber Essentials Plus certification is more challenging than achieving the standard Cyber Essentials certification, and includes a pen test to provide a higher level of assurance that the organization’s cyber assets are secure. Certification is valid for 12 months.

The standard Cyber Essentials certification must already be held in order to apply for Cyber Essentials Plus certification.

What are the benefits of Cyber Essentials certification?

  • Provides cost-effective, basic cyber security for organizations of all sizes
  • Demonstrates that an organization meets one of the eligibility requirements when bidding for UK Government contracts
  • Can reduce the risk of prevalent cyber-attacks on an organization
  • Differentiate yourself from your competitors by demonstrating that you take cyber security seriously

The Defence Cyber Protection Partnership (DCPP) advocates Cyber Essentials as the first of four levels of Cyber risk. To cover all four levels, read about our Cyber Defence Capability Assessment Tool (CDCAT) which covers the Cyber risk level to 'high'.

Interested in becoming a certification body?

We’re looking for new partners!

APMG Certification Bodies (CBs) are directly responsible for independently verifying and assessing organisations’ cyber security controls so that they meet the requirements of the Cyber Essentials scheme.

As a Certification Body your organisation will be responsible for assessing all organisations who wish to meet the criteria of the Cyber Essentials scheme through our new online portal.

If you require further assistance on becoming a Certification Body, then please contact us.

Why APMG?

APMG is the only accreditation body to host its certification bodies in a user-friendly online portal that makes assessing applications, connecting with clients, and processing certificates easy and secure.

The online portal has undergone full penetration testing and has been optimised for efficiency in order to save time and money for your organisation - by streamlining the whole application process from start to finish.

The online system for processing applications will:

  • Email all your assessors when there is a new application available
  • Allow your assessors to communicate to the client and comment on the applications
  • Return applications to the client for further review
  • Review clients’ submitted documentation and evidence
  • Manage your own assessors

What are the Costs/Benefits?

The CE application cost to become a Certification Body with APMG for basic Cyber Essentials is £1000 (+ VAT for UK-based CBs), which is payable every three years.

For every organisation that is assessed, the Certification Body receives £100 per application (or £150 if the CB sources the client).

What are the requirements for being an APMG Certification Body?

There are two paths for being an APMG Certification Body. 

The first is to be accredited to any of the following standards:

  • 17020:2012
  • 17021:2011
  • 17024:2012
  • 17065:2012

The second is to supply your full Quality Management System (QMS) to APMG for review by our Standards Team. The application is based on how the processes within your QMS address the following areas:

  • A process to describe how you cover your financial liabilities.
  • An organisational chart showing all staff positions.
  • A process to show how your organisation selects which of your assessors is assigned to which client’s application.
  • A description of your facilities and equipment (hardware/software), that would be used in the management of the client’s applications.
  • A process to describe how your organisation handles subcontractors (including evaluation and training); including a list of currently employed subcontractors.
  • A process to describe your organisation’s complaints procedure – how they are logged, tracked, handled and closed. This should include appeals and your company's SLAs.
  • A process to show how your organisation manages and controls your continual improvement.
  • A process to describe how you audit and manage your QMS internally.
  • A process to describe how you control hard and soft documents internally.

You must also be Cyber Essentials certified in order to be a Certification Body for Cyber Essentials. If you would like to get Cyber Essentials certified, please begin the application process above.

I'm ready for my organisation to become an APMG Cyber Essentials Certification Body, how do I start?

To begin, please complete our application form and send it to cyberessentials@apmgroup.co.uk. From here a member of our Cyber Essentials team will contact you regarding your application.

HAVE A QUESTION?

FAQs

How do I get a Cyber Essentials badge for my organisation?

To start the process, please go to https://apmg-certified.com/Selection.aspx and choose your Certification Body by clicking the green 'Go to' button. On each Certification Body's page, you can click the button labelled 'Start the application Process' to begin your application using the secure online platform. This can manage your application from start to finish.

How long does the certification last for?

The certifications at both Cyber Essentials (CE) last for 12 months from the date of certification. Our system will automatically issue you with a warning prior to your expiry, so that you never miss your renewal date. 

How do I know what will be in scope for my cyber essentials assessment?

Certification can cover the whole of an organisation’s enterprise IT, or a sub-set. Whether the whole or a part of the organisation is subject to certification, the scope must be clearly defined in terms of the organisation or business unit managing it, the network boundary and physical location. The name on the certificate must be consistent with the scope.

Cyber Essentials is not intended for use with bespoke IT systems such as those found in manufacturing, industrial control systems, on-line retail and other environments. Whilst the fundamentals of Cyber Essentials are equally applicable, these types of system will have different constraints, attack vectors and vulnerabilities.

In general, the areas that will be in scope are those that affect the security of your information and over which you have control. That will include any IT equipment within your offices or properties from where you operate.  It will also include any outsourced services where you have a specific contract (such as for the provision of IT equipment) as distinct from a “generic” contract with people like Google for Gmail email services.  This might mean you need to check with your service provider exactly how they deal with your information and the security of the services they provide to you.

 

Who needs to complete the online CE Application?

The person completing the questionnaire can be anyone within your organisation; however, as part of the application process, all applications that are submitted to a Certification Body for assessment must be signed off by a senior staff member. This is to confirm that all answers given are true. For more details on how to sign off your companies in the portal, please see the user guide, which can be downloaded by going to https://ces.apmg-certified.com/ and then clicking on 'user guide'.

Who needs to authorise the completion of the questionnaire?

The responsibility and accountability for information security lies at board level.  It is therefore a requirement that a senior executive signs off on the questionnaire to demonstrate that whilst someone else might have provided the information, there is senior level commitment to information security within the organisation.

Who should be on the telephone interview to review the questionnaire?

The Certification Body's assessor’s job is to ensure that the information given is as accurate and comprehensive as it needs to be in order to meet the requirements of the Cyber Essentials certification. When they contact you, they will be seeking to ensure that you have provided all the relevant information and to address any gaps or vagueness there might be in your answers. You may therefore require the assistance of technical support, either in-house or from an outsourced supplier as applicable.

Will Cyber Essentials stop me getting hacked?

Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and organisations facing these threats will need to implement additional measures as part of their security strategy.

I do not operate my own ISP / have a server, just a laptop / desktop. Is Cyber Essentials suitable for me?

Cyber Essentials is most certainly suitable for you. Whilst you might think you are not likely to be a target for an attack from the internet, the fact that you are a small organisation suggests to attackers you might be doing less to protect yourself.  They will therefore see you as an easy target.  Cyber Essentials will help to ensure you will not fall victim to such attacks or can recover from them more effectively if you do.

Will the certification body help me fix any issues or prepare for the Cyber Essentials assessments?

At no time will the certification body’s assessors offer to fix or correct any issues you might have.  APMG see this as a clear conflict of interest.  Assessors are more than happy to help organisations prepare for Cyber Essentials or Cyber Essentials Plus, but if they become consultants helping the organisation in a significant way, they will pass the assessment duties to another certification body.
If you require consultancy services please choose a certification body from https://ces.apmg-certified.com and contact the chosen certification body directly.

How long will it take me to complete my Certification?

You can complete your certification from initial registration to certification easily within 48 hours, perhaps even sooner (it's happened before within an hour).

APMG certification bodies will return an application within two working days and assuming that your application is of sufficient standard and no further information is required you will receive your certification on the day you are notified. However, most applications are not perfect the first time around and so this could incur some delay.

For quick certification please ensure that you provide comprehensive answers to all the questions on the questionnaire, and ensure that you upload as much evidence as required in the documentation section.

 
