Cyber Essentials is a government backed scheme that will help protect your organisation, whatever its size, against the most common cyber attacks.

Cyber Essentials is a framework to help your organisation make sure that good practice is followed and you have the basics covered.

NCSC assert that Cyber Essentials can effectively reduce cyber-attacks by 80%.  The systems that fall under the scope of the Cyber Essentials scheme include internet connected end-user devices (desktop PCs, laptops, tablets and smartphones) and Internet connected systems (e.g. email, web and application servers).

In partnership with IASME, IRM is a certifying body for Cyber Essentials and Cyber Essentials Plus. This means that IRM can assist you in both achieving compliance and issue your organisation with the certification.

Cyber Essentials & government contracts

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification.

There are two levels of certification:

Cyber Essentials

A self-assessment option gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to basic attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.

Cyber Essentials shows you how to address those basics and prevent the most common attacks.

Cyber Essentials Plus

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out.

Having Cyber Essentials Plus carries more weight and is the more sought-after accreditation as the testing becomes more thorough and robust as internal elements of the organisation are tested as well as their external network infrastructure.

As the Cyber Essentials scheme has progressed over the past few years, organisations are now finding that it is mandatory to hold the Cyber Essentials Plus accreditation in order to meet business requirements and conduct business with other organisations such as government bodies.

How we can help you

IRM have a small team dedicated to delivering Cyber Essentials and Cyber Essentials Plus and we see our approach as ‘Best Practise’ when assisting organisations achieve accreditation. Our aim is to adopt a pragmatic and common-sense approach when assessing organisations and help them through the process to ensure they not only gain certification, but also learn and refine their approach to security as a whole.

  • We offer a seamless, guidance and assistance from initial start of the engagement to end of process and certification.
  • Our approach is both flexible and pragmatic, we tailor the  process to fit your organisation in order to achieve positive outcomes.

IRM uniquely offer a ‘pre-assessment’ of both Cyber Essentials & Cyber Essentials Plus. This gives an organisation a true feel of their current state and gives an opportunity to remediate any issues before actual assessment. This practice almost guarantees a positive outcome and avoids a recorded FAIL. However, should the organisation PASS the ‘Dry Run’ then we are able to accredit and certificate the organisation, which alleviates extra costs for re-testing.

If you want to talk further please contact