Cyber Essentials Certifications

The Cyber Essentials and Cyber Essentials Plus certifications are government and NCSC-backed accreditations that help safeguard your business against the most common types of cyber-attack.

Can reduce the risk of a breach by up to 80%

UK-based security team

Protect against phishing, malware, ransomware

Both Cyber Essentials & Cyber Essentials Plus are available

What is Cyber Essentials

Certification Process

Benefits

Cyber Essentials Plus

Why Stripe OLT?

FAQs

Our
Awards

Megabuyte Top 50 Emerging Companies 2024

computing-cloud-excellence-awards-2021-winner-msp

computing-cloud-excellence-awards-2022-winner-2022

techreviewerco-top-it-services-companies-2021-1

What is Cyber Essentials?

The Cyber Essentials and Cyber Essentials Plus certifications are government and NCSC (National Cyber Security Centre) backed accreditations that safeguard your business against common types of cyber-attack.

The scheme is centred around five technical controls that are proven to protect organisations against the most common internet-based cybersecurity threats. These controls focus on establishing fundamental security practices that significantly reduce the likelihood of successful attacks.

These protections help defend against common attack methods such as:

Phishing attacks

A type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information or to deploy malicious software, such as ransomware, on the victim’s infrastructure.

Malware

Any software intentionally designed to cause disruption to a computer, server, client or network, leak private information, gain unauthorised access, deprive access to data or interfere with security and privacy.

Ransomware

A type of malware that threatens to exploit personal data or block access to it unless a ransom is paid. Some simple ransomware may lock a system without damaging files, but advanced variants use cryptoviral extortion.

Password brute-force attacks

A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords until the correct one is found.

Network attacks

A network attack is an attempt to gain unauthorised access to an organisation’s network, with the objective of stealing data or performing other malicious activity. Hackers can sit in a network undetected for months while planning their attack.

Stripe OLT are here to help

IASME Certified

Stripe OLT are a licensed certification body for Cyber Essentials and Cyber Essentials Plus certifications. We are certified by IASME, the official delivery partner for the Cyber Essential government backed scheme

There are only a limited number of accredited Cyber Essentials assessors in the UK, including those at Stripe OLT, who can take organisations through the complete certification process.

In April 2025, the Cyber Essentials and Cyber Essentials Plus schemes were updated to version 3.2 with the new “Willow” assessment questions – reflecting modern working patterns, clearer guidance and expanded requirements on areas such as remote working, authentication and vulnerability fixes.

Our Cyber Essentials Plus technical audits are carried out in line with these latest question sets, available from IASME’s download page.

Our Cyber Essentials Plans

We offer three Cyber Essentials plans designed to match your organisation’s compliance needs and internal capacity

Cyber Essentials

Cyber Essential Plus

Cyber Essentials & Cyber Essentials Plus Premium

Price

£1,330 – £1,420

£2,430 – £2,520

£4,110 – £4,200

Email and calendaring

Show more +

Cyber Essentials Certifications

Email and calendaring

Show more +

Cyber Liability Insurance

Up to 25k FREE Cyber Liability Insurance *

Email and calendaring

Show more +

Cyber Essentials Plus Certification

Email and calendaring

Show more +

Remote Support

9 Hours Included

11 Hours Included

25 Hours Included

Email and calendaring

Show more +

Questionnaire Guidance

Email and calendaring

Show more +

Project Management

Email and calendaring

Show more +

Audit Preparation Support

Email and calendaring

Show more +

Evidence Consultation

Email and calendaring

Show more +

Remediations Consultation

Email and calendaring

Show more +

Free Retest

2 Free Retests

Email and calendaring

Show more +

The Benefits of Getting Certified

In just two weeks, your business could benefit immeasurably

Improved security measures

Ensure your cyber security policies and processes are up to date by implementing smarter, standardised measures.

Build a strong reputation

Achieving this foundation-level cyber security certification not only ensures the online security of your business but also enhances your reputation with customers, stakeholders and supply chain partners, demonstrating that you take system security seriously.

Win business

The Cyber Essentials scheme is widely recognised, with many private and public sector organisations requiring suppliers to hold certification before awarding contracts. It is also mandatory for bidding on central government contracts that involve personal or sensitive data.

Protect your assets

Cyber Essentials helps safeguard your organisation’s most valuable assets, including sensitive data, critical systems, intellectual property and operational infrastructure.

By implementing structured security controls, you significantly reduce the likelihood of disruption, data loss and unauthorised access that could impact productivity.

Insurance & Financial Protection

With certification, eligible organisations with a turnover under £20 million can receive up to £25k of free cyber liability insurance. Certified organisations are also up to 92% less likely to make a cyber insurance claim, plus many insurers recognise Cyber Essentials as a positive risk indicator, which can lower premiums.

An affordable, cost-effective accreditation

Many organisations want to achieve Cyber Essentials certification in order to fulfil tender requirements. With our guidance, you can gain an affordable, comprehensive accreditation in just two weeks.

The Certification Process

Cyber Essentials certification

Cyber Essentials and Cyber Essentials Plus follow a structured certification pathway designed to assess and validate an organisation’s cyber security controls.

Stage One

Self-Assessment Questionnaire (SAQ)

You complete Cyber Essentials through a self-assessment questionnaire. You answer a set of questions covering the scope of your organisation’s assessment, your employees, devices and working locations, as well as the five core technical controls:

User access control
Secure configuration
Security update management
Firewalls
Malware protection

The responses must be signed off by a board member or equivalent before submission.

Stage Two

Cyber Essentials Certification

If the assessment is successful, you are awarded Cyber Essentials certification. Your certificate is valid for 12 months, your organisation is listed on the directory of certified organisations, and you can display the Cyber Essentials certificate digitally on your website and communications.

Cyber Essentials Plus certification

Cyber Essentials and Cyber Essentials Plus follow a structured certification pathway designed to assess and validate an organisation’s cyber security controls.

Stage One

SAQ Validation

You complete Cyber Essentials through a self-assessment questionnaire.
You answer a set of questions covering the scope of your organisation’s assessment, your employees, devices and working locations, as well as the five core technical controls:

Stage Two

Technical Audit & Vulnerability Scanning

Cyber Essentials Plus involves a technical audit designed to verify that the security controls you declared in your Cyber Essentials assessment are correctly implemented.

The audit covers:

A representative sample of user devices
All internet gateways
All servers with services accessible to the internet

Vulnerability scanning and evidence gathering are performed as part of this process.

Stage Three

Vulnerability Remediation

If vulnerabilities or non-compliant configurations are identified during the audit, you may need to carry out remediation activities before certification can be completed.

You must address any identified issues and provide confirmation once remediation has been completed.

Remediation must typically be completed within 30 days of the audit to allow certification to proceed.

Stage Four

Evidencing & Cyber Essentials Plus Certification

Evidence of remediation, such as screenshots or supporting documentation, is reviewed by the assessor.

Once the requirements are satisfied, your organisation is awarded Cyber Essentials Plus certification.

Speak to
OUR Experts

Discover what we can do for your business.

AChieving Cyber Essential Plus

To be eligible for Cyber Essentials Plus, you must first have a valid Cyber Essentials certificate. You then have up to three months from passing that Cyber Essentials assessment to complete your Cyber Essentials Plus audit, otherwise you will need to complete a new Cyber Essentials self-assessment.
If you are renewing Cyber Essentials Plus, the certification must be completed before your previous Cyber Essentials Plus certificate expires.

What is the difference between Cyber Essentials and Cyber Essentials Plus
Cyber Essentials Plus goes one step further by verifying that the following five key controls are implemented correctly:

Boundary firewalls and internet gateways

Secure configurations

User access controls

Malware protection

Patch management

Cyber Essentials Plus can be completed in as little as two weeks after Cyber Essentials in best‑case scenarios, although timing depends on organisational size, technical complexity, remediation and response times.

Why Choose Stripe OLT?

Award-Winning

We’re an award-winning managed services provider

With over 20 years of experience, we’ve built a reputation we’re proud of. Winning awards for both our managed IT and managed security services means we don’t just claim to be experts. With Stripe OLT, you are guaranteed an exceptional experience.

We are a multi-award-winning service provider for small and medium-sized businesses. We consistently achieve industry-leading customer satisfaction scores, with a dedicated focus on cyber security and IT support services.

UK Based

Your Trusted UK Cyber Security Partner

We are a full-service managed IT provider based in London, Bristol and Manchester, underpinned and led by ITIL-accredited engineers with deep expertise in Microsoft cloud and security technologies.

Our knowledgeable and highly qualified IT support engineers deliver a next-level service, consistently recognised through fantastic client feedback.

Our team supports organisations with their cybersecurity across the UK and beyond

Security Experts

highly certified security Team

We employ both ex-government and military veterans, we ensure our clients are protected by the best. Our engineers are IASME, CREST and Microsoft security certified (among others), consistently performing at a high level, 24/7.

Microsoft Specialists

Certified Microsoft Solutions Partner

At Stripe OLT, we’ve invested heavily in Microsoft certifications over the past three years. As a result, we are now one of the UK’s leading Microsoft partners in cloud and cyber security solutions, holding Microsoft Solutions Partner status in both Modern Work and Security.

Whether you need to enhance collaboration with applications such as SharePoint and Teams, or secure your environment with Azure Sentinel, you can trust our highly certified Microsoft team.

Speak to the experts

Want to understand more about how our team can support your requirements? Fill out the form and we be in touch shortly.

Cyber Essential Plus FAqs

What is Cyber Essentials Plus, and what does it include?

Cyber Essentials Plus is an advanced certification level within the UK government’s Cyber Essentials scheme. It builds on the requirements of Cyber Essentials and includes additional technical requirements and verification.
Alongside the standard Cyber Essentials controls, Cyber Essentials Plus involves an external vulnerability scan, an internal vulnerability scan and a remote technical audit by independent assessors to verify implementation across a sample of user devices, internet-facing services and gateways.

This certification demonstrates a higher level of assurance, establishes trust and validates an organisation’s commitment to strong cyber security practices.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessment certification focusing on fundamental security controls. Cyber Essentials Plus includes independent verification and more rigorous testing, providing a higher level of assurance.

Both certifications are valid for one year and require annual recertification. Organisations often choose Cyber Essentials Plus when they want more effective cyber security advice and evaluation, plus external validation of their cyber security practices.

Why is Cyber Essentials Plus important, and is it worth it for businesses?

Cyber Essentials Plus is important for businesses operating in today’s digital landscape. It demonstrates a strong commitment to cyber security, builds trust with stakeholders and enhances overall resilience.
Achieving Cyber Essentials Plus can provide a competitive edge, support regulatory compliance and strengthen market reputation. While it requires additional investment, it is worthwhile for organisations prioritising risk reduction, trust-building and robust security practices.

How much does it cost to get Cyber Essentials Plus certification?

The cost of Cyber Essentials Plus certification typically ranges from £2,430 to £4,200
The pricing structure for a Cyber Essentials Plus Certification reflects the additional time involved to assess larger or more complex organisations, particularly where there are more users, devices or technical configurations to review as part of the independent verification and testing process. We provide clear pricing guidance upfront to ensure the scope is aligned from the outset.

How long does it take to get a Cyber Essentials certification?

What happens if we do not pass the Cyber Essentials assessment the first time?