Cyber Essentials Certification & Accreditation Services

Cyber Essentials certification and accreditation services, consultancy and support for the UK Government-recognised IT security standard, helping businesses in London strengthen their defences and achieve compliance.

Speak to a Cyber Essentials expert

Providing Cyber Essentials certification to businesses across London

Show your commitment to IT security by achieving or renewing your Cyber Essentials or Cyber Essentials Plus certification. Our experienced Cyber Essentials consultants help businesses across London and the Greater London area meet the necessary security standards. Our Cyber Essentials as a Service (CEaaS) offering will ensure your IT systems are compliant, providing a streamlined path to certification whilst enhancing your organisation’s protection against cyber threats.

The Final Step provides a professional, user-friendly, solutions-focused service. I have recommended the company to many contacts.

Laura Devine - Managing Partner, Laura Devine Immigration

City of London, London

We have used The Final Step as our IT support for nearly a year and a half and we couldn’t be happier with the level of service that they provide. They have helped to massively transform our IT infrastructure, enabling us to tighten our security as well as seamlessly moving us to cloud-based working.

Nicola Creighton - Office Manager, Fox Rodney Search

City of London, London

TFS’s philosophy of building long-term working relationships is evident throughout. They care about partnership rather than just short-term transactions.

Peter Martin - Director, Intermusica

Westminster, London

The Final Step did a really fantastic job. We are a highly demanding client and have very specific requirements. Throughout the whole process, TFS maintained a methodical, thorough approach which has resulted in a first-class set-up which supports us perfectly.

Mark McDerment - Finance Director

London

What is Cyber Essentials certification?

Cyber Essentials

Cyber Essentials is a UK Government-backed certification designed to help organisations protect themselves against common cyber threats. This scheme establishes a set of essential IT security controls that organisations of all sizes can implement to safeguard their systems and data. By achieving Cyber Essentials certification, businesses demonstrate their commitment to cyber security, enhancing trust with customers and partners.

Certification levels

There are two levels of Cyber Essentials certification: Cyber Essentials and Cyber Essentials Plus. The basic Cyber Essentials certification focuses on foundational security controls, while Cyber Essentials Plus accreditation requires more rigorous testing, such as audits and internal and external vulnerability scanning. This tiered approach allows organisations to choose the level of assurance that best fits their needs and risk profile.

Importance

Cyber Essentials certification is increasingly required for public sector contracts and is recognised across various industries. Many organisations now mandate this certification to ensure that their suppliers and partners adhere to essential cyber security practices. By achieving Cyber Essentials, businesses not only comply with regulations but also position themselves as responsible, secure companies to do business with.

Key benefits

The benefits of Cyber Essentials are significant. Organisations that achieve certification often experience an enhanced security posture, reducing the risk of cyber incidents. Additionally, it strengthens their reputation, showing clients and stakeholders that they prioritise cyber security. There are also potential insurance benefits, as many insurers offer lower premiums to certified organisations, recognising their commitment to mitigating risks.

What does Cyber Essentials cover?

Achieving either Cyber Essentials or Cyber Essentials Plus accreditation not only helps protect your organisation from cyber threats but also demonstrates your commitment to cyber security. This can enhance your reputation with clients and partners and is often a requirement for bidding on government contracts.

Firewalls & Routers

Cyber Essentials Basic

These are essential for blocking unauthorised access to your network. Properly configured firewalls and routers act as barriers between your internal systems and external threats.

Secure Configuration

Cyber Essentials Basic

Ensuring that all systems and applications are set up securely is crucial. Default settings are often not secure, so it’s important to configure them according to security best practices.

Access Control

Cyber Essentials Basic

Implementing strict access controls ensures that only authorised users can access sensitive data and systems. This includes effectively managing user accounts and permissions.

Malware Protection

Cyber Essentials Basic

Organisations must have measures in place to detect and prevent malware attacks. This includes using anti-virus software and ensuring it is regularly updated.

Security Update Management

Cyber Essentials Basic

Keeping software and systems up to date is vital for protecting against vulnerabilities. Regular updates and patches help close security gaps that attackers could exploit.

Third Party Assessment

Cyber Essentials Plus

An authorised third-party certifying body conducts assessments to ensure all end-user devices meet security standards. This includes testing machines to confirm they are securely configured and compliant with Cyber Essentials Plus requirements.

Vulnerability Testing

Cyber Essentials Plus

Vulnerability scanning involves scanning your systems for known vulnerabilities that attackers could exploit. The testing helps identify weaknesses in your security posture, allowing them to be addressed proactively.

Once the scan has been carried out, we receive a remediation report, allowing us to address any issues.

Further Technical Verification

Cyber Essentials Plus

This comprehensive verification process includes checks on various security aspects, such as:

  1. Anti-virus: Ensuring that effective anti-virus solutions are in place and regularly updated.
  2. External gateways: Assessing the security of your external IP addresses to prevent unauthorised access.
  3. Firewall settings: An in-depth review of firewall configurations to ensure they are optimal for protecting your network.
  4. Mobile phones: Ensuring that mobile devices adhere to security policies.
  5. MFA: Confirming that multi-factor authentication is implemented for cloud admin accounts to enhance security.

Why choose The Final Step as your Cyber Essentials consultants?

Meet the standard and verify it

We are Cyber Essentials experts and, for many years, have helped businesses in London implement the UK Government’s continually updated baseline standard for cyber security.

We partner with external auditors who verify our work before IASME certifies it. In effect, we don’t mark our own homework, but our partners double-check it before we hand it in, inspiring confidence.

Protect your organisation against basic threats

Cyber Essentials is designed to address the most fundamental 80% of risks that organisations face. Setting that baseline helps keep you safe.

Protect your organisation against advanced threats

Cyber Essentials is not a fix for all security concerns. It doesn’t address the final 20% of risks. But whilst the standard stops there, we don’t. Good cyber security is about layers of security. Our risk assessment process, prioritising your most relevant risks and planning to mitigate them, means that Cyber Essentials plays just one part in a wider, more secure cyber security strategy.

Good security. Not for one day, but for all year

Cyber Essentials is a snapshot in time. Like an MOT, it shows your security meets the standard on a given date. But technology has many moving parts and your secure status will drift over time. That’s why you have to re-certify annually. However, we have a range of services you can add that monitor, maintain and intervene when your security is threatened.

Continuous improvement in the right areas, at the right time

Cyber Essentials is just one part of cyber security and, in turn, cyber security is just one part of managing your overall IT. Most businesses can’t afford to do everything all at once. Cyber security and your wider IT need to evolve over time. We have a proven process and track record of ensuring IT is at the service of the business.

Spend wisely and save money

Part of well-informed risk mitigation is about spending wisely. Cyber Essentials is an investment in your reputation as much as your technical measures. It’s worth bearing in mind that 50% of UK businesses reported cyber attacks or security breaches between April 2023 and April 2024, with just one data breach costing UK businesses an average of £2.93 million. No security measure can remove all your risk; being proactive and having a robust business continuity and disaster recovery process is crucial.

Cyber Essentials FAQs

What are the key differences between Cyber Essentials and Cyber Essentials Plus and which one is right for my business?

Cyber Essentials and Cyber Essentials Plus cover the same security controls, but the level of assurance is different. Cyber Essentials is a self-assessment that confirms you have the right basic protections in place. Cyber Essentials Plus goes a step further with independent, hands-on technical testing to prove those controls actually work in practice.

Many SMEs are fine starting with the standard certification, but if you need stronger assurance – for example, because you handle sensitive data or work with regulated clients – Cyber Essentials Plus is usually the better fit.

What are the five essential technical controls required to achieve Cyber Essentials?

Cyber Essentials is built around five core technical controls designed to block the most common cyber attacks.

  1. Firewalls and internet gateways – to block unauthorised access into your network.
  2. Secure configuration – ensuring devices are set up securely.
  3. User access control – making sure people only have the permissions they genuinely need.
  4. Malware protection – tools that protect against viruses, ransomware and malicious software.
  5. Patch management – keeping devices and software updated so known vulnerabilities can’t be exploited.

Together, these controls significantly reduce everyday risks for SMEs, especially around phishing, account compromise and common exploits.

What is the step-by-step process for getting certified and how long does the accreditation typically take?

The Cyber Essentials process is fairly straightforward. You start by checking your current setup against the Cyber Essentials requirements, identifying any gaps, and fixing those areas. Once everything is in place, you collect the evidence needed and complete the self-assessment. Certification is usually issued quickly after submission.

If you’re going for Cyber Essentials Plus, there’s an additional stage where an assessor carries out hands-on technical testing to verify the controls. Timelines vary depending on remediation work, but many SMEs complete the process within days to a few weeks.

What is the average cost of Cyber Essentials certification for small businesses in the UK?

Cyber Essentials pricing is set nationally – we do not charge any margin on this and we simply pass that cost on at the standard rate for your business size. What can vary is the amount of support your business needs to get ready. We charge consultancy only for the time spent helping you identify gaps, make technical changes and prepare the evidence for the assessment.

For many small businesses the overall cost is relatively modest, especially if you already have the core controls in place – the main variable is how much remediation work is required before submission.

What are the benefits of achieving Cyber Essentials or Cyber Essentials Plus certification for UK businesses?

Cyber Essentials gives your business a recognised security baseline and shows customers, partners and insurers that you take cyber risk seriously. It helps build trust, improves your chances in tenders, and is increasingly expected by organisations who need reassurance that their suppliers are safe to work with – especially in the public sector.

Certification also demonstrates that you’ve put time and effort into getting your security fundamentals right, which can reduce insurance questions, strengthen your reputation and give you a clearer understanding of your own risk posture.

What happens if my company fails the Cyber Essentials audit or needs to renew the certification?

Cyber Essentials is largely a self-assessment, so most issues can be fixed before you submit the assessment. If something would cause you to fail, we help you remediate it and then you complete the assessment once those controls are in place.

Cyber Essentials Plus is different, as it involves hands-on testing, but even then you’ll receive clear guidance on what needs to be corrected, followed by a rapid re-test.

Certification must be renewed annually, so it’s important to keep your controls up to date throughout the year rather than treating it as a one-off exercise.

Free consultation on Cyber Essentials certification

IASME’s freely available online directory of organisations certified in Cyber Essentials is becoming a frequently used tool for due diligence and benchmarking. Get in touch with us for a free 30 minute consultation if you would like to certify your standards and maintain them.