Skip to main content

Achieve certification and protect your organisation from the majority of the common cyber security threats.

We are here to help you achieve Cyber Essentials Scheme Certification as easily and as painlessly as possible. We have tried to make this page as informative as we can, without overwhelming you with technical jargon. If at any stage you find you have any kind of issue, or don't understand anything, please don't hesitate in reaching out and one of our friendly team will call you back. 

The Five Controls Explained (click to expand)
  • Firewalls

    Firewalls effectively create a ‘buffer’ between your network and other external networks. Use and configure firewalls to secure your internet connection and protect your devices.

  • Secure Configuration

    Choose the most secure settings for your devices and software. Ensure that only necessary software, accounts, and applications are used along with quality passwords.

  • Malware Protection

    Protect yourself from viruses and other malware by implementing suitable defences such as anti-malware/virus software.

  • User Access Control

    Control access to your data through user accounts and ensure that administrator privileges are only provided to those that need them. Administrator activity should be controlled.

  • Patch Management

    Ensure your devices, software and applications are supported by the manufacturer/vendor and kept up to date by installing the latest security updates.


The Cyber Essentials scheme is a simple yet effective, UK Government backed framework which is run in association with the National Cyber Security Centre (NCSC).

The scheme is based around just 5 essential security controls that, if implemented correctly, will help to protect your organisation against a range of the most common internet based cyber attacks.

In addition to Cyber Essentials being a mandatory requirement for acceptance onto numerous supplier frameworks, certifying to the Cyber Essentials standard can help to showcase an organisation’s commitment to cyber security this is a useful marketing tool with which to attract potential clients. Achieving certification may also entitle your organisation to free cyber security insurance.

CND has provided Cyber Essentials certification since 2016 and is licenced by the Cyber Essentials Partner to the NCSC to conduct both Cyber Essentials (CE) and Cyber Essentials PLUS (CE PLUS) assessments.

Certification Levels

Cyber Essentials - Self Assessment

CE consists of a self-assessed questionnaire (SAQ) designed to assess whether applicants meet the required standard. The SAQ is completed by the applicant organisation and submitted online via an assessment portal. Upon submission, the SAQ responses are independently reviewed by a qualified assessor who will then issue a certificate with a pass or guidance with a fail.

Free cyber insurance is offered to all qualifying organisations that achieve the standard, with the certification being valid for 12 months.

Step By Step Guide To Achieving Cyber Essentials

The steps below can vary slightly between clients:

  1. Review our Cyber Essentials Checklist to see how close you are to meeting the criteria required to pass.
  2. If you would like the actual SAQ or for more information please contact us.
  3. Select one of the 3 packages we have on offer based on the level of support that you feel that you will need from our expert Assessors. If you want help with the SAQ, please choose our Guided or Assist package.
  4. You will be provided with access to your SAQ online portal. [password sent securely]
  5. Start to answer the questions in the SAQ, if you have opted for our Guided or Assist package, please call with any questions.
  6. Once the SAQ is complete, our Assessor will mark it and report back to you.
  7. If you do fail, don't panic! Your package allows you to resubmit and the Guided or Assist package means that we are on hand to advise on what you can do to secure a pass.

Cyber Essentials PLUS - External Audit

CE PLUS revolves around the same basic controls as CE. The difference between the certifications is that CE PLUS requires a qualified assessor to independently audit the applicant organisation. Achieving the CE PLUS certification results in a higher degree of assurance that the required standards have been met.

CE certification is a prerequisite to achieving CE PLUS, which must then be attained within a 3-month period. CE PLUS certification is valid for 12 months.

Step By Step Guide To Achieving Cyber Essentials PLUS

The steps below can vary slightly between clients:

  1. Cyber Essentials PLUS must be completed within 3 months of passing Cyber Essentials. 
  2. Scoping Call – to review SAQ (if required) and determine the extent of the audit (representative sample).
  3. From the scoping call the Assessor will be able to provide an accurate estimate of how long the audit will take and therefore the cost.
  4. The Assessor will start working with you to carry out the remote tests on the representative sample.
  5. If the Assessor does need to attend site, they will only do so once all of the remote checks have passed the audit, this reduces the number of potential visits and therefore cost.
  6. Once you have passed you will be issued with your report and certificate.
  7. Please note that CND have the capability to undertake all audit activity remotely.

Getting Certified couldn't be easier, simply choose one from the following three options and your price will be dependant on your number of staff: 


This service is aimed at clients who are either new to Cyber Essentials, or lack IT expertise.
CND will provide you with a Certified CE Assessor who will guide you through the completion of the SAQ, providing you with up to 8 hours of support. If your organisation does not meet the CE criteria, our assessor will provide you with a remediation plan which, if implemented, will ensure your systems meet the controls required for certification.
If more than 8 hours is required CND can provide further assistance to you under a separate arrangement and you have up to 6 months to submit the SAQ.
  • PayPal easy pay link below.
  • Up to three re-tests within 6 months.


Most Popular
This service is aimed at our more experienced clients who may still require a little guidance around how best to meet the Cyber Essentials criteria and complete the SAQ. 
CND will review your submitted CE SAQ and should your first submission be unsuccessful, one of our Certified CE Assessors will provide you with up to 2 hours of support on what you need to change to achieve certification. 
As some remediation may take a little time, we offer up to 3 re-tests within 30 days. 
  • PayPal easy pay link below.
  • Up to three re-tests within 30 days.


For our returning clients seeking a renewal, or clients who are experienced with Cyber Essentials, this is our no frills service which offers you a simple pass/fail based upon the answers provided within your SAQ.

If you were to fail, you will be advised as to why and then given 2 working days to remediate the issues, adjust your SAQ and resubmit.

Note: CE certification criteria is regularly updated, so please don't hesitate in requesting the latest question set from us before embarking.  

  • One Free re-test within 48 Hours.

Cyber Essentials Basic Pricing Table

Number of Staff

Micro 0-9
Small 10-49
Medium 50-249
Large 250+

Fully Guided

£950 (exc VAT)
£1,250 (exc VAT)
£1,400 (exc VAT)
£1,600 (exc VAT)


£650 (exc VAT)
£850 (exc VAT)
£950 (exc VAT)
£1,100 (exc VAT)

Renewal/Pass or Fail

£320 (exc VAT)
£440 (exc VAT)
£500 (exc VAT)
£600 (exc VAT)

PayPal Easy Pay - Invoice payment available upon request

Fully Guided (inc VAT)
Email Address:
Company Name:
Assisted (inc VAT)
Email Address:
Company Name:
Renewal (inc VAT)
Email Address:
Company Name:

Cyber Essentials PLUS Process

Cyber Essentials PLUS must be completed within 3 months of passing Cyber Essentials.


The Cyber Essentials PLUS scoping call is primarily used to determine the ‘representative sample’ that will be tested as part of the certification. The call will include a review of your CE SAQ, an informal discussion about your network and an overview of the process that we will undertake. During the discussion we will agree whether a site visit is required; it should be noted that our CE Plus audit can be performed remotely.

Following the scoping call and confirmation of the representative sample, you will be given a quote for the cost of the Cyber Essentials PLUS audit, if you decide to proceed we will ensure all relevant paperwork is in place before dates are confirmed.


CND Assessors can work with you to undertake the entire Cyber Essentials PLUS audit remotely, though we can attend site should you prefer. If we do need to attend site, we prefer to perform as many remote checks as we can beforehand, as this helps to reduce the likelihood of further visits should we encounter any problems that prevent you from passing.

The CND Assessor will audit your organisation to verify that it meets the CE controls. This is achieved by conducting a series of tests on a representative sample of your 'in scope' systems as well as carrying out external and internal vulnerability assessments.

Once you have passed you will be issued with your report and certificate.