Cyber Essentials PLUS
CE+ Audit Details
Cyber Essentials PLUS involves a technical audit of the systems that are in-scope for Cyber Essentials. This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users. The assessor will test a suitable random sample of these systems (typically around 10 per cent) and then make a decision whether further testing is required.
You will need to complete your Cyber Essentials PLUS audit within 3 months of your last Cyber Essentials basic certification. Both these can also be completed at the same time.
The assessor will need to visit your head office and a representative sample of your other offices in order to carry out the tests. The quantity of other offices visited depends on the complexity of your organisation - in a multinational organisation the assessor may need to visit a number of countries. Some tests may be carried out remotely provided that the agreed on-site visits have been carried out.
You can see the common test specification used by all Accreditation Bodies here.
Cost of CE+
The cost of a Cyber Essentials PLUS assessment will depend on the size and complexity of your network. You can submit an enquiry here to be emailed with a quote for a Cyber Essentials PLUS assessment from two different Certification Bodies.
Alternatively you can see all the Certification Bodies listed here with their contact details if you would like to contact them directly for a quote. In addition to assessing you at the Cyber Essentials PLUS level, the Certification Bodies can also act as consultants to help you achieve the certification.