Select regional store:

Cyber Essentials FAQs

  • Why should we get a Cyber Essentials certificate?
  • What is required for certification to Cyber Essentials?
  • What is required for certification to Cyber Essentials Plus?
  • Who will conduct the assessments for Cyber Essentials and Cyber Essentials Plus?
  • Can we become Cyber Essentials and Cyber Essentials Plus certified?
  • How do we determine how many IP addresses we have to test?
  • How long will it take between submitting our questionnaire and receiving our certificate?
  • What can we expect from the Cyber Essentials application process?
  • How do we define the scope?
  • What should we do if we have more than 16 IP addresses?
  • What happens if we fail the tests or scans?
  • I need more guidance about the certification process.
  • Should we apply for a CE badge in addition to our ISO 27001 certification?
  • Which should we start first: (1) the CE scheme, (2) ISO 27001:2013, or (3) both?
  • Why do some certification bodies require an external scan in addition to the self-assessment questionnaire?
  • Why are there two approaches to gaining CE certification (one with vulnerability scanning requirements and one without)?
  • Must we have vulnerability scans/pen tests provided by a third party?
  • Can we use our existing vulnerability scanning/pen testing company?
  • Can we self-certify and carry out our own vulnerability scans and pen tests?
  • What is the difference between the types of scans and assessments that will be conducted by the certification body for Cyber Essentials and Cyber Essentials Plus?

Solutions for CES certification


IT Governance is a CREST-approved member and accredited Cyber Essentials scheme certification body. IT Governance offers three unique solutions to certification that will enable you to achieve certification to either Cyber Essentials or Cyber Essentials Plus cost-effectively and easily.

View the three solutions to certification >>

This website uses cookies. View our cookie policy