Guide

Cyber Essentials Certification

Government-backed scheme helping organisations guard against common cyber attacks. Required for many government contracts involving handling of sensitive information.

Last updated: 16 February 2026

Technology & Digital UK-wide

Overview

Cyber Essentials is a government-backed certification that demonstrates your organisation has implemented basic cyber security controls. There are two levels:

• Cyber Essentials: Self-assessment questionnaire verified by external body
• Cyber Essentials Plus: Includes hands-on technical verification by qualified assessor

When required

• Bidding for UK government contracts involving handling of sensitive or personal information
• Contracts involving provision of certain ICT products or services
• Many private sector contracts now specify Cyber Essentials as a requirement

Five technical controls

1. Review five technical controls

   Review the five technical controls and assess your current compliance

2. Choose certification level

   Choose between Cyber Essentials (self-assessment) or Cyber Essentials Plus (verified)

3. Select certification body

   Select an NCSC-approved certification body

4. Complete assessment

   Complete the self-assessment questionnaire or arrange technical assessment

5. Pay certification fee

   Pay certification fee (typically £300-£500 for basic, £1,500+ for Plus)

6. Maintain certification annually

   Maintain certification annually (valid for 12 months)

Get Cyber Essentials certified

---

Related guides in Digital & Technology

Cyber security requirements for UK businesses

How to protect your business from cyber threats and comply with UK cyber security requirements. Includes Cyber Essentials certification, data breach notification rules, and sector-specific obligations for financial services and healthcare.

Read guide

Get Cyber Essentials certified

How to achieve Cyber Essentials certification for your business. Covers the five technical controls, certification levels and costs, the assessment process, and requirements for government contracts.

Read guide

Cyber security basics for small businesses

Practical, low-cost steps to protect your small business from cyber attacks. Covers the five Cyber Essentials controls, free security tools, staff awareness, and how to respond if something goes wrong.

Read guide

Cyber security for financial services firms

FCA operational resilience requirements for cyber security, including the 31 March 2025 compliance deadline, SM&CR responsibilities for cyber risk, third-party outsourcing requirements, and preparing for DORA-style regulations.

Read guide

Tech Sector Compliance Overview

Comprehensive guide to regulatory compliance for technology businesses - UK GDPR, data protection, online safety, cybersecurity, and sector-specific requirements.

Read guide