Cyber Essentials for ESFA Providers


Cyber Essentials for ESFA Providers

All Education & Skills Funding Agency providers are required to hold Cyber Essentials for the 20/21 funding year. Providers will then be required to hold Cyber Essentials Plus for the 21/22 funding year. (Link to ESFA website)

Cyberlab are a certification body for both the Cyber Essentials and Cyber Essentials Plus schemes, offering a range of options depending on your requirements and technical ability.
cyber essentials plus certification body.fw
cyber resilience centre trusted partner.fw
crown commercial service supplier.fw

How much does it cost and what is the process?

The Cyber Essentials certification costs £545 +VAT (this is the ESFA requirement for funding year 20/21).

The process for achieving Cyber Essentials is as follows:

– Cyberlab provide clients with access to an online portal where they can complete a Cyber Essentials questionnaire
– On submission, a Cyberlab assessor will carry out a pre-assessment check where they identify any areas which are not yet compliant
– Cyberlab schedule a pre-assessment feedback call with the client
– The client is given additional time to work on non-compliant responses
– The assessment is formally marked on the portal and Cyberlab issue the certificate

Cyber Essentials for ESFA Providers
accreditation scope

What are the technical controls?

The scheme addresses the following five key controls that, when implemented correctly, can prevent around 80% of cyber attacks.

- Firewalls
- Secure configuration
- User access control
- Malware protection
- Patch management

the process

What is the difference between Cyber Essentials and Plus?

Cyber Essentials is self assessed and independently verified. Cyber Essentials Plus includes an independent technical audit of your systems to verify that the Cyber Essentials controls are in place. Both levels are based upon the same five controls.

In the current climate, Cyber Essentials Plus audits are being carried out remotely by our Assessors.

guidance and support

How do we achieve the accreditation?

As a Certification Body for IASME, Cyberlab are authorised to assess against the scheme but also to provide consultancy to support organisations to achieve the certification. We offer different support levels to suit your needs.

business benefits

What are the benefits of achieving Cyber Essentials?

Reassure customers that you are working to secure your IT against cyber attacks and have a clear picture of your organisation's cyber security posture.

Formalise your security

Get a clear picture of your organisations current cyber security level and ensure processes are documented.

Set yourself apart

It's a great selling point for your business too. No matter who the client is from an SME to a FTSE 100 company, they want to know you take security seriously.

Win business

Meet eligibility requirements for certain government and MOD supply chain contracts.

great service and fast, professional support when needed. Thanks Cyberlab
Chris Goddard
Chris Goddard
Our onboarding was very smooth. It's great to know that our cyber security is in the hands of people who know their stuff
Helen Kelly
Helen Kelly
We chose Cyberlab to help us develop our cyber security strategy and achieve Cyber Essentials Plus. The platform is easy to navigate and it's easy to find important data. We also receive great support from the Cyberlab team.
James Cartwright
James Cartwright
A great organisation to work with. We used them for our Cyber Essentials certification and found them to be most helpful in gaining this. Super quick process from start to finish, never not on the end of an email or telephone to talk to.
Cleverclogs Multimedia LTD
Cleverclogs Multimedia LTD
After much research we found Cyberlab. Ryan was my contact from the day one initial quote through Cyber Essentials, Cyber Essentials Audit, IASME Governance self-certified and on to our IASME Governance GOLD certification. The understanding, support and guidance we received from Ryan was simply outstanding. I can’t recommend Cyberlab enough.
Charles Blane
Charles Blane
We searched the market extensively and evaluated over seven different companies. They varied in price and skillset, we found Cyberlab had a fair price (in the middle third) and an excellent understanding of our needs, the work that needed to be done and this skill set and superior knowledge meant they were the right partner for us. We have bought more services from them since and I would highly recommend them as a 'go to' cyber security and GDPR consultant and auditor. We will use them now for many years going forwards.
Ahmed Khan
Ahmed Khan
Excellent service, clear advice and guidance for a non techy person!

Cyber Essentials FAQ

• Protects your organisation from approximately 80% of cyber-attacks, according to the UK government.
• Demonstrates your commitment to security and data protection to customers and stakeholders.
• Boosts your reputation and increases your chance of securing new business by showing you have cyber-security measures in place.
• Cyber Essentials permits you to work with the UK government, Plus gives you the opportunity to work with the MoD.
• Lets you focus on your business objectives, knowing you are secure.

The Cabinet Office’s note to Procurement Officers is available here – this specifies where the Cyber Essentials certification in mandated

It is noted that an increasing number of government and commercial organizations are requiring this certification of their suppliers, even though they are not mandated to do this through the Procurement Policy Notice. In his speech on the 23rd June 2015, Ed Vaizey from the Department of Culture, Media & Sport urged all organizations to “adopt Cyber Essentials so they can protect and promote themselves online to all stakeholders”.

Any company using unsupported or out-of-date software in the scope of the assessment, such as Microsoft 7, will probably fail to achieve Cyber Essentials certification.

The questionnaire requires answers to all questions – most of these questions will require brief notes to enable us to understand your company and the information security controls that you have in place. By providing full details in the questionnaire you will reduce the time required for certification as we will have all the information we need up front.

For Cyber Essentials, once you have completed the self-assessment questions on the online portal we aim to turnaround all assessments within 24 hours.

For Cyber Essentials Plus, this must be carried out within 3 months of achieving the CE accreditation. The CE+ requires an on-site audit which can be scheduled as soon as a signed order is request and a CE pass is in place.

We will email you with a reminder in advance of your expiry date outlining the steps involved in order to work through your renewal.

You need to get nearly all the questions right (compliant) to pass the Cyber Essentials assessment. You do need to be controlling all these aspects of your system to be certified. This very strict pass criteria is set by the UK Government. If you are not compliant in some of the questions we suggest you try and change your processes to meet the requirement and certainly add notes to explain why you are not compliant in this aspect and how else you control that risk.

Yes, the question set can be downloaded here.

Got Questions →

If there’s something you’d like to discuss, feel free to give us a call, drop us an email, or write to us using the contact information provided. We look forward to hearing from you!

About Cyberlab →

We saw that businesses of all sizes were juggling a myriad of disjointed cyber tools. And we wanted to create a service to deliver a comprehensive, dependable alternative.

Ready to start your Cyber Essentials accreditation?