Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Cyber Essentials

Cyber Essentials (CE & CE Plus) is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. CE will help you guard against the most common threats and is one of the first steps your organisation should take towards cyber security.

Find out more
Download a complimentary copy

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Cyber Essentials

Cyber Essentials is a self-certification. This means that you are asked to supply answers to a questionnaire (with evidence) and the application is marked by Defendza's CE experts. 

Cyber Essentials is a cost-effective assurance scheme for small and medium sized enterprises which is backed by the UK government. It helps you demonstrate to your customers  that the most important cyber security controls have been implemented and it is a prerequisite for public sector suppliers.

Get Cyber Essentials Certified with expert support. Get in touch.
Call Us Now

Cyber Essentials Plus

Cyber Essentials (CE) Plus offers a higher level of assurance through the internal testing of the organisation’s cyber security measures. This means that one of Defendza's CE Plus experts will visit your office and perform a test that is in line with the Cyber Essentials requirements.

CE Plus requires an independent assessment of the technical security controls in place as well as a vulnerability scan to identify risks such as unpatched or unsupported software and incorrect configurations.

CE Plus quotations are based on the time it will take for our consultant to test your systems. Each quote varies depending on several factors including:

  • Number of employees & workstations including their configuration
  • Number of offices
  • Complexity of network and services
  • Network footprint

Five controls to protect your business

Patch Management

We assess that you keep your applications, software and devices up to date. it doesn't matter whether your business uses Android or iPhone devices, tablets or laptops, it's important that all the assets are kept up to date at all times. 

Malicious Code Protection

Defendza review whether your business implements one of the malware protections to defend against attacks. These include anti-malware measures such as Defender, whitelisting applications or use of sandboxing techniques.

Access Control

To review if there are restrictions on who has access to your data and services. Secure administrative privilege access management and access to software from official sources are two subjects in this topic that ensure 'just enough access' to perform the intended tasks. 

Secure Configuration

This element reviews secure settings for your software and devices in use. Checks under this category include changing default settings, password controls and extra protections such as two factor authentication.

Perimeter Firewall & Internet Gateway

Perimeter firewalls & Internet gateways control who has access to your system and which users of your network can access internet. Cyber Essentials Certification criteria checks for relevant restrictions to protect your devices that connect to untrusted networks such as public Wi-Fi. 

Our process

Here’s the roadmap to achieving Cyber Essentials and Cyber Essentials Plus.

Step. 1
Scoping call

We have a pre-assessment scoping call with your team to help us to understand the size of your organisation’s network footprint and get details of all internet-facing systems covered as part of your project.


Step. 2
Assessment Questionnaire

Following this call, we send you a questionnaire to fill in: it’s relatively straightforward and won’t take too long to complete. If you need help, of course, Defendza is happy to assist you.


Step. 3
Perimeter Scan

Based on your questionnaire responses, Defendza will scan your perimeter at both the infrastructure and web application level for vulnerabilities. We’ll discuss the scan results with you to make sure there are no compliance issues.


Step. 4
Interim Report

Based on the scan results, Defendza writes an interim report to highlight any issues that need addressing. This makes certain that there are no compliance issues at this point: if there are, we allow a remediation window of 4 weeks for your organisation to address them.


Step. 5
Cyber Essentials Certificate

Assuming everything goes well, Defendza will issue your business with its Cyber Essentials Certificate. If you need any support, be assured that our team is available via phone or email to give you all the help you need.


Step. 6
Internal Assessment

To proceed with Cyber Essentials Plus, we need to complete an internal, onsite assessment of your network and security controls. We scan all internal IPs mentioned in your questionnaire for any internal vulnerabilities and perform a build review against a standard desktop build. 

Using Cyber Essentials-approved payload files, which we email to an internal email address and gateway whilst we’re on site, we also conduct mobile assessment including host and gateway malware testing, as well as checking desktop protection.


Step. 7
CE Plus Interim Report

Depending on results, Defendza will then issue an interim report to discuss with your team. 4 weeks of remediation time is available to ensure any highlighted problems are rectified. Defendza will assess the fixes so that you can be confident there are no further compliance issues.


Step. 8
CE Plus Certificate

Upon validation of all findings, Defendza will issue your organisation’s CE Plus certificate and you can go forward confident you’ve done everything you can to assure your cyber security.

FREE Cyber Essentials with IT Health Check. Get in Touch.
Call Us Now

Related News

Evite hit with data breach


Online invitation company Evite announced it was affected by a data breach involving the unauthorised access of customer information. Names, usernames, email addresses, passwords, dates of birth, phone numbers, and mailing addresses were potentially affected in the incident.

Cathay Pacific breach - decade old vulnerability exploited in 2018


Cathay Pacific was breached in 2014, the full investigation report revealed in October 2018 disclosed that it affected 9.4 million people.Malicious actors exploited a decade old vulnerability on an internet facing server that allowed the group to bypass authentication and access administration tools residing on the server.


"My experience to date with Defendza has been very positive, I look for a flexible, knowledable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company

"Harman was great, really knowledgeable, helpful and on hand to answer any questions. The final report was very clear providing the technical information in an easy to read format which could be understood by the leaders of the business. Really enjoyed working with Defendza and look forward to working with them again in the future. Thank you!

IT manager
Housing Trust