Cyber Essentials for ESFA Providers
Cyber Essentials for ESFA Providers
All Education & Skills Funding Agency providers are required to hold Cyber Essentials for the 20/21 funding year. Providers will then be required to hold Cyber Essentials Plus for the 21/22 funding year. (Link to ESFA website)Cyberlab are a certification body for both the Cyber Essentials and Cyber Essentials Plus schemes, offering a range of options depending on your requirements and technical ability.
How much does it
cost and what is the process?
The Cyber Essentials certification costs £545 +VAT (this is the ESFA requirement for funding year 20/21).
The process for achieving Cyber Essentials is as follows:
– Cyberlab provide clients with access to an online portal where they can complete a Cyber Essentials questionnaire
– On submission, a Cyberlab assessor will carry out a pre-assessment check where they identify any areas which are not yet compliant
– Cyberlab schedule a pre-assessment feedback call with the client
– The client is given additional time to work on non-compliant responses
– The assessment is formally marked on the portal and Cyberlab issue the certificate
What are the
The scheme addresses the following five key controls that, when implemented correctly, can prevent around 80% of cyber attacks.
- Secure configuration
- User access control
- Malware protection
- Patch management
What is the
difference between Cyber Essentials and Plus?
Cyber Essentials is self assessed and independently verified. Cyber Essentials Plus includes an independent technical audit of your systems to verify that the Cyber Essentials controls are in place. Both levels are based upon the same five controls.
In the current climate, Cyber Essentials Plus audits are being carried out remotely by our Assessors.
guidance and support
How do we achieve the
As a Certification Body for IASME, Cyberlab are authorised to assess against the scheme but also to provide consultancy to support organisations to achieve the certification. We offer different support levels to suit your needs.
What are the benefits of achieving
Reassure customers that you are working to secure your IT against cyber attacks and have a clear picture of your organisation's cyber security posture.
Cyber Essentials FAQ
• Protects your organisation from approximately 80% of cyber-attacks, according to the UK government.
• Demonstrates your commitment to security and data protection to customers and stakeholders.
• Boosts your reputation and increases your chance of securing new business by showing you have cyber-security measures in place.
• Cyber Essentials permits you to work with the UK government, Plus gives you the opportunity to work with the MoD.
• Lets you focus on your business objectives, knowing you are secure.
Insurance terms and conditions can be found here:
It is noted that an increasing number of government and commercial organizations are requiring this certification of their suppliers, even though they are not mandated to do this through the Procurement Policy Notice. In his speech on the 23rd June 2015, Ed Vaizey from the Department of Culture, Media & Sport urged all organizations to “adopt Cyber Essentials so they can protect and promote themselves online to all stakeholders”.
Any company using unsupported or out-of-date software in the scope of the assessment, such as Microsoft 7, will probably fail to achieve Cyber Essentials certification.
The questionnaire requires answers to all questions – most of these questions will require brief notes to enable us to understand your company and the information security controls that you have in place. By providing full details in the questionnaire you will reduce the time required for certification as we will have all the information we need up front.
For Cyber Essentials, once you have completed the self-assessment questions on the online portal we aim to turnaround all assessments within 24 hours.
For Cyber Essentials Plus, this must be carried out within 3 months of achieving the CE accreditation. The CE+ requires an on-site audit which can be scheduled as soon as a signed order is request and a CE pass is in place.
We will email you with a reminder in advance of your expiry date outlining the steps involved in order to work through your renewal.
You need to get nearly all the questions right (compliant) to pass the Cyber Essentials assessment. You do need to be controlling all these aspects of your system to be certified. This very strict pass criteria is set by the UK Government. If you are not compliant in some of the questions we suggest you try and change your processes to meet the requirement and certainly add notes to explain why you are not compliant in this aspect and how else you control that risk.