Cyber Security Managed Services
Managed Cyber Essentials
Cyber Essentials is a government backed scheme and is an important part of the National Cyber Security Centre’s mission to “make the UK one of the safest places to live and do business on-line.”
Introducing Cyber Essentials
Cyber Essentials is a UK government-backed cyber security certification scheme designed to help businesses protect themselves from common online threats.
It lays out a set of basic security controls that organisations of any size can implement to safeguard their IT systems.
By getting Cyber Essentials certified, your business demonstrates a commitment to cyber security and gains peace of mind that you have defenses against the most frequent cyber attacks.
Managed Cyber Essentials For Your Business
By selecting our Managed Cyber Essentials Service, you ensure that your Cyber Essentials certification reflects genuine security measures rather than just a certificate. Our proactive, expert-led approach significantly improves your real-world protection against common cyber threats, positions you strongly for Cyber Essentials Plus, and enhances your business’s reputation with customers, insurers, and regulatory bodies.
Why should my business get Cyber Essentials certified?
Cyber Essentials certification brings several practical benefits for a small or medium business. First, it helps protect against the vast majority of common cyber attacks – studies show that implementing the five Cyber Essentials controls can fully prevent about 70% of commodity cyber attacks (and partially mitigate almost all the rest).
Second, being certified signals to your customers and partners that you take cyber security seriously, which can enhance your reputation and trustworthiness.
Additionally, Cyber Essentials has become a requirement for many UK government contracts – for example, the Ministry of Defence and NHS suppliers must have Cyber Essentials certification.
As an extra perk, achieving the basic certification currently includes free cyber liability insurance for many UK SMEs (conditions apply).
In short, Cyber Essentials not only strengthens your security but also opens up business opportunities and reassurance for your clients.
How Our Managed Cyber Essentials Service Works:
Our process is straightforward and designed for busy business owners. Here are the key steps:
1. Initial Gap Analysis (Free of Charge)
Our experienced cyber security professionals conduct a comprehensive analysis of your current security measures.
You receive a detailed report identifying any gaps against Cyber Essentials requirements, alongside a clear, costed action plan to resolve these.
2. Remediation Flexibility
You can choose who carries out any required remedial work: our team, your internal IT team, or a third-party provider.
Full transparency and flexibility mean you retain complete control over costs and implementation.
3. Certification Management
We handle the entire certification process, from registration with an approved certification body, completion of the assessment questionnaire, submission, and liaising with assessors through any review processes.
This significantly reduces your administrative burden and ensures accuracy and thoroughness.
4. Ongoing Compliance and Monitoring
Throughout the year, we proactively monitor your compliance with Cyber Essentials standards.
Regular checks ensure your business remains aligned with current standards and prepared for renewal, adapting swiftly to any changes in requirements.
| Feature | Managed Service by Your IT Department | Self-Assessment |
|---|---|---|
|
Initial Gap Analysis |
✅ Expert-led, comprehensive & free |
❌ DIY; limited expertise |
|
Remediation Guidance |
✅ Clear, expert-developed action plan |
❌ Self-guided, no expert input |
|
Remediation Work Options |
✅ Flexible (Your IT, internal team, 3rd party) |
❌ Entirely self-managed |
|
Questionnaire Completion & Submission |
✅ Fully managed by experts |
❌ Completed internally |
|
Review and Certification |
✅ Expert oversight, guaranteed accuracy |
❌ Potential for errors |
|
Control Implementation Assurance |
✅ Controls properly implemented and verified |
❌ Risk of incorrect implementation |
|
Actual Protection Level |
✅ Real, verified protection |
❌ Uncertain protection level |
|
Ongoing Compliance Monitoring |
✅ Monitoring & renewal preparation |
❌ Self-managed annually |
|
Readiness for Cyber Essentials Plus & Independent Assessments |
✅ Optimally positioned & prepared |
❌ Limited readiness |
What are the five security control areas in Cyber Essentials?
What are the five security control areas in Cyber Essentials?
Cyber Essentials is built around five key technical controls that form a solid baseline of cyber security:
Firewalls & Internet Gateways – Use a firewall to secure your internet connection and block unauthorised access. Properly configured firewalls act as the first line of defense between your internal network and external threats.
Secure Configuration – Set up all computers, servers, and devices with security in mind. This means removing or disabling unused accounts and software, using strong settings/passwords, and ensuring default configurations are hardened to reduce vulnerabilities.
User Access Control – Manage accounts and permissions so that staff only have access to the data and services they need. Admin accounts should be strictly limited. By applying the principle of least privilege, you minimise the damage that can be done if an account is compromised.
Malware Protection – Install and use antivirus or anti-malware software on all systems to detect and block malicious software. Malware protection (via reputable security software and safe practices) helps prevent viruses, ransomware, and other harmful code from running on your devices.
Security Update Management (Patch Management) – Keep your software and devices up to date with the latest security patches. Ensuring you promptly install updates for operating systems and applications closes known security holes and is critical to preventing attacks. (Cyber Essentials requires that important updates are applied within 14 days of release, for instance.)
By implementing these five controls, even in a basic way, your business can dramatically reduce its risk of a breach. They’re essentially the fundamental cyber hygiene steps every organisation should take.
Partnering with a Managed Services Provider (MSP) for Cyber Essentials
A Managed Services Provider like Your IT Department will become an extension of your team, taking the time to learn every detail about your company, from how your systems operate to who to contact when quick decisions are needed. We’ll get to know your team, your workflows, and your specific security needs, ensuring seamless support whenever you need it.
Unlike a reactive model that only steps in when something goes wrong, we work continuously behind the scenes, monitoring your systems 24/7, identifying potential risks, and keeping your business protected.
Why Choose Your IT Department
Choosing Your IT Department means that you get more than cyber resilience. You gain a great working relationship with a team that understands your business, offers personalised support, and is always available when you need us.
Here’s why you should choose us.
Unique Managed Approach
Our managed approach doesn’t just earn you a certificate – it genuinely protects your business. Unlike standard self-assessment options, our team ensures that Cyber Essentials controls are properly implemented, verified, and actively maintained. This means you’re genuinely protected against 70% of the most common cyber threats, not just certified on paper.
Award-Winning, Ongoing Support
Partnering with us means tapping into continuous support from an award-winning Managed Service Provider. We don’t just help you pass your assessment – we stay with you every step of the way, providing proactive monitoring, guidance, and expert support year-round. This ensures you’re always prepared, compliant, and secure.
Your IT Department - Tailored to You
We can seamlessly become your one-stop shop for everything IT-related, offering comprehensive support and solutions under one roof.
Alternatively, if you have an in-house team, we integrate effortlessly, complementing your existing resources and delivering precisely the support you need, exactly when you need it.
Our Cyber Security Blog
FREQUENTLY ASKED QUESTIONS
We’ve answered some of the most frequently asked questions about cyber security services below:
How long does it take to get Cyber Essentials certified?
This depends on the approach and the exact timeline will vary depending on how well secured the business is. If you’ve already met most of the requirements, filling out the self-assessment questionnaire might only take an hour or two, and most certification bodies return results within about 3 days of submission. Officially, once you purchase an assessment, you have up to 6 months to complete and submit the questionnaire – so you can take it at your own pace if needed. Keep in mind that if the assessor finds any issues, you’ll be given a chance to correct them and resubmit, which can add extra time.
For Cyber Essentials Plus, the process involves scheduling an external audit (after you’ve gotten the basic certification) and must be completed within 3 months of the basic cert, so achieving CE Plus will take longer to accommodate the technical testing
How often do I need to renew the Cyber Essentials certification?
Cyber Essentials is not a one-time certification – it needs to be renewed annually. The certificate is valid for 12 months from the date of issue. After one year, if you want to maintain your Cyber Essentials status, you’ll need to go through the certification process again (essentially re-completing the self-assessment to show your practices still meet the standards). The renewal is basically the same as the initial certification in terms of effort and cost, so it’s a good idea to budget for updating your certification each year. Don’t worry, though – IASME (the scheme operator) will usually send you a reminder about a month before your certificate expires.
Keeping the certification up to date yearly ensures your business continues to be protected and compliant with the latest Cyber Essentials requirements.
Do you also offer Cyber Essentials Plus?
Yes, we do! Cyber Essentials Plus involves an independent technical audit to verify that the security controls are not only in place but also effectively working. Choosing our Managed Cyber Essentials service makes stepping up to Cyber Essentials Plus much smoother and quicker because your controls will already have been expertly implemented, tested, and verified, significantly easing the transition to the more rigorous Plus certification.
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
The difference comes down to the level of assurance and assessment rigor. Cyber Essentials (basic) can be completed as a self-assessment certification (although we do recommend this approach). You answer an online questionnaire about your security controls, and a qualified assessor reviews it remotely. Cyber Essentials Plus, on the other hand, includes an independent technical audit on top of the questionnaire. For Cyber Essentials Plus, a security expert will actually test your systems (conducting checks like vulnerability scans on a sample of your devices and networks) to verify that the Cyber Essentials controls are not only in place but working effectively.
Importantly, the security controls covered in CE and CE Plus are exactly the same. The Plus tier doesn’t add new requirements, but it provides a higher level of confidence because an outside professional has audited your setup. Think of Cyber Essentials as the first step – affordable and accessible – and Cyber Essentials Plus as an optional second step that offers a gold-standard of assurance (with more effort and cost involved). Note that you must attain the basic Cyber Essentials certification before going for Cyber Essentials Plus.
How much does Cyber Essentials certification cost?
The cost for a basic Cyber Essentials assessment is fixed by the scheme and depends on your organisation’s size
As of now, the official IASME pricing (exclusive of VAT) is:
Micro (0–9 employees): £320 + VAT
Small (10–49 employees): £440 + VAT
Medium (50–249 employees): £500 + VAT
Large (250+ employees): £600 + VAT
However these are only the assessment fees for the basic Cyber Essentials certification.
Our Managed Cyber Essentials Service starts from £99 + VAT per month. This includes the the initial gap analysis, completion of the questionnaire, liaison with the Assessor, the above certification fee and the ongoing support, and monitoring.