Cyber Essentials for ESFA Providers 2021-2022


Cyber Essentials for ESFA Providers

All Education & Skills Funding Agency providers are required to renew their Cyber Essentials accreditation and then in addition achieve the Cyber Essentials Plus accreditation for the 2021/2022 funding year. (Link to ESFA website)

Cyberlab are a certification body for both the Cyber Essentials and Cyber Essentials Plus schemes, offering a range of options depending on your requirements and technical ability.

cyber essentials plus certification body.fw
cyber resilience centre trusted partner.fw
crown commercial service supplier.fw

How much does it cost and what is the process?

The Cyber Essentials certification costs £545 +VAT (this is the ESFA requirement for funding year 2021/2022).

The process for achieving Cyber Essentials is as follows:

– Cyberlab provide clients with access to an online portal where they can complete a Cyber Essentials questionnaire
– On submission, a Cyberlab assessor will carry out a pre-assessment check where they identify any areas which are not yet compliant
– Cyberlab schedule a pre-assessment feedback call with the client
– The client is given additional time to work on non-compliant responses
– The assessment is formally marked on the portal and Cyberlab issue the certificate

The Cyber Essentials Plus certification cost is dependent on the size of your organisation which determines the number of devices we need to sample in order to conduct the assessment. Contact us today for pricing.

Cyber Essentials for ESFA Providers 2021-2022
accreditation scope

What are the technical controls?

The scheme addresses the following five key controls that, when implemented correctly, can prevent around 80% of cyber attacks.

- Firewalls
- Secure configuration
- User access control
- Malware protection
- Patch management

the process

What is the difference between Cyber Essentials and Plus?

Cyber Essentials is self assessed and independently verified. Cyber Essentials Plus includes an independent technical audit of your systems to verify that the Cyber Essentials controls are in place. Both levels are based upon the same five controls.

In the current climate, Cyber Essentials Plus audits are being carried out remotely by our Assessors.

guidance and support

How do we achieve the accreditation?

As a Certification Body for IASME, Cyberlab are authorised to assess against the scheme but also to provide consultancy to support organisations to achieve the certification. We offer different support levels to suit your needs.

business benefits

What are the benefits of achieving Cyber Essentials?

Reassure customers that you are working to secure your IT against cyber attacks and have a clear picture of your organisation's cyber security posture.

Formalise your security

Get a clear picture of your organisations current cyber security level and ensure processes are documented.

Set yourself apart

It's a great selling point for your business too. No matter who the client is from an SME to a FTSE 100 company, they want to know you take security seriously.

Win business

Meet eligibility requirements for certain government and MOD supply chain contracts.

Austin Ambrose
Austin Ambrose
Cyber Essentials Plus Accreditation We used Cyberlab last year for our Cyber Essentials accreditation and we impressed with their service levels and regular communication throughout the application and assessment process. Having sought several competitive quotes we elected Cyberlab again this year when we applied for Cyber Essentials Plus. We have now gained accreditation and found Cyberlab to be faultless again in supporting us throughout the process and our ensuing success in attaining the higher standard.
Good support given and great communication Good support given and great to have an annual prompt. It was very useful to have the pdf guide to refer to this time with some explanation of what the question was being asked for - still some high brow IT speak but with phone contact / email support it was a smooth process. The online system is easy to use and submit with swift follow up to ensure last details were clear & added on time. A little bit pricey but essential so we just got it completed.
Andrew Barnard
Andrew Barnard
Cyber Essentials Plus It was our first time undertaking the Cyber Essentials Plus, our assessor Hugo couldn't have been more helpful and I would recommend anyone try Cyberlab, thank you.
Went through a rather rushed Cyber… Went through a rather rushed Cyber Essentials PLus audit due to our deadline and Hugo helped out massively and helped get us our Pass. Thank you very much!
Derek Russell
Derek Russell
Very professional support to help us… Very professional support to help us gain CE+
Excellent Excellent, professional service from start to finish. Hugo supported us throughout the Cyber Essentials and Cyber Essentials Plus process in a very clear and structured way, explaining each step of the journey, meaning there were no unexpected surprises along the way. Thank you!
Tim Venison
Tim Venison
Cyberlab's cyber security analyst was clear and helpful Cyberlab's cyber security analyst was very helpful and guided us through the process with clear instructions throughout. Gaining CE+ accreditation with Cyberlab was very straightforward.
Andrew Swann
Andrew Swann
Hats off to Hugo! Straight forward as always with our renewal and our clients.
Excellent service for a great price We're really grateful to Cyberlab for getting us through our Cyber Essentials Plus certification against the clock. Ryan and Hugo were friendly and responsive but still knowledgeable and professional, always willing to go above and beyond on our behalf despite their competitive pricing. They explained the process very clearly and supported us through every step. We would heartily recommend other companies to make use of them.

Cyber Essentials FAQ

• Protects your organisation from approximately 80% of cyber-attacks, according to the UK government.
• Demonstrates your commitment to security and data protection to customers and stakeholders.
• Boosts your reputation and increases your chance of securing new business by showing you have cyber-security measures in place.
• Cyber Essentials permits you to work with the UK government, Plus gives you the opportunity to work with the MoD.
• Lets you focus on your business objectives, knowing you are secure.

The Cabinet Office’s note to Procurement Officers is available here – this specifies where the Cyber Essentials certification in mandated

It is noted that an increasing number of government and commercial organizations are requiring this certification of their suppliers, even though they are not mandated to do this through the Procurement Policy Notice. In his speech on the 23rd June 2015, Ed Vaizey from the Department of Culture, Media & Sport urged all organizations to “adopt Cyber Essentials so they can protect and promote themselves online to all stakeholders”.

Any company using unsupported or out-of-date software in the scope of the assessment, such as Microsoft 7, will probably fail to achieve Cyber Essentials certification.

The questionnaire requires answers to all questions – most of these questions will require brief notes to enable us to understand your company and the information security controls that you have in place. By providing full details in the questionnaire you will reduce the time required for certification as we will have all the information we need up front.

For Cyber Essentials, once you have completed the self-assessment questions on the online portal we aim to turnaround all assessments within 24 hours.

For Cyber Essentials Plus, this must be carried out within 3 months of achieving the CE accreditation. The CE+ requires an on-site audit which can be scheduled as soon as a signed order is request and a CE pass is in place.

We will email you with a reminder in advance of your expiry date outlining the steps involved in order to work through your renewal.

You need to get nearly all the questions right (compliant) to pass the Cyber Essentials assessment. You do need to be controlling all these aspects of your system to be certified. This very strict pass criteria is set by the UK Government. If you are not compliant in some of the questions we suggest you try and change your processes to meet the requirement and certainly add notes to explain why you are not compliant in this aspect and how else you control that risk.

Yes, the question set can be downloaded here.

Got Questions →

If there’s something you’d like to discuss, feel free to give us a call, drop us an email, or write to us using the contact information provided. We look forward to hearing from you!

About Cyberlab →

We saw that businesses of all sizes were juggling a myriad of disjointed cyber tools. And we wanted to create a service to deliver a comprehensive, dependable alternative.

Ready to start your Cyber Essentials accreditation?