To plus or not to plus?
- johnboyd7
We know many small and medium-sized business owners will be asking this question: do I really need Cyber Essentials Plus? We have put together this blog to clear up why a business would need to upgrade to Cyber Essentials Plus.
The key differences between Cyber Essentials and Cyber Essentials Plus lie in the level of assurance and the assessment process involved:
Assessment Process:
Cyber Essentials: This certification involves a self-assessment questionnaire that organisations complete to confirm they have implemented the required security controls. The responses are then reviewed by an external Certification Body.
Cyber Essentials Plus: In addition to the self-assessment questionnaire, Cyber Essentials Plus includes a technical audit of the organisation's systems and devices. This audit is performed by an independent auditor who uses tools and techniques to verify the implementation of security controls.
Level of Assurance:
Cyber Essentials: Provides a basic level of assurance that the organisation has implemented fundamental cybersecurity measures to protect against common cyber threats.
Cyber Essentials Plus: Offers a higher level of assurance by including an independent technical audit, ensuring that the security controls are not only in place but also effective in protecting against cyber threats.
Cost and Complexity:
Cyber Essentials: Generally less expensive and less complex, making it suitable for smaller organisations or those with limited resources.
Cyber Essentials Plus: More costly and involves a more rigorous assessment process, making it suitable for organisations seeking a higher level of cybersecurity assurance.
Both certifications are valuable for enhancing an organisation's cybersecurity posture, but the choice between them depends on the level of assurance required and the resources available.
