Cyber Essentials & Cyber Essentials Plus

We can help your organisation, system or defined process become certified for Cyber Essentials or Cyber Essentials Plus, a requirement for any organisation bidding for UK government contracts that involve the handling of sensitive information. Our trained assessors and security consultants can undertake pre assessment work to ensure that you are ready for your Cyber Essentials certification, or, if you feel that you are already compliant, we can process your assessment against the current framework. This government-backed scheme provides assurance to your stakeholders and customers that you have robust process in place and are fully committed to the ongoing management of cyber-security issues.

The Cyber Essentials scheme identifies some fundamental technical security controls that an organisation needs to have in place to help defend against Internet-borne threats. The scheme helps you to guard against the most common cyber threats. This is undertake by evaluating 5 specific criteria:

  1. Firewalls – Ensuring that there is a boundary firewall that is correctly configured to protect against external threats
  2. Secure Configuration – Devices are to be run with the least privilege rule, any unnecessary software and services are disabled. End user devices are secured with a strong password, data protected by encryption and where possible remotely managed with remote wipe capability
  3. Access control – Subject access rights are run with the least privilege rule, assessing where administrator rights are required and tracking and monitoring the use of accounts
  4. Malware Protection – Restrict execution of known malware and untrusted software, to prevent harmful code from causing damage or accessing sensitive data
  5. Patch Management – Ensure that devices and software are not vulnerable to known security issues for which fixes are available


Cyber Essentials Plus builds on the Essentials scheme by looking in more details at the end user devices, via an on-site assessment to validate that:

  1. Users have suitable privileges and that malicious users cannot escalate their privileges, or access things they shouldn’t
  2. Anti-virus measures are effective and suitably maintained
  3. Mobile devices are protected in the event of theft and attack with encryption and PIN code
  4. Prevents successful execution of malicious files through email phishing and social engineering attacks via web links using a ‘2 click rule’ across all web browsers which are installed on the test system
  5. External systems are free from common infrastructure and common vulnerabilities and only a limited set of TCP/UDP ports are accessible to public networks
  6. Passwords used to secure and do not permit the use of default or simple credentials
  7. Authenticated scans are undertaken on devices to ensure that all systems are patched correctly and software falls within a supportable level and up to date

Start your Cyber Essentials accreditation journey with Capula or register your interest here:  Cyber Essentials certification with Capula