Cyber Essentials Services

Three levels of support to take you from gap analysis through to ongoing compliance — choose the service that fits your organisation.

Book a Free Consultation

Cyber Essentials · Three-Tier Service

Detect. Protect. Respond.

Whether you need a one-off readiness check before assessment or a fully managed annual relationship, we have a service to match your needs and budget.

Detect

Pre-Assessment Gap Analysis & Readiness Support

Before your formal assessment, we identify gaps in your technical controls and provide clear remediation guidance. We walk through the self-assessment questionnaire with you, translate technical requirements into your environment, and pinpoint what needs fixing before submission.

  • Gap analysis against current CE requirements
  • Written report: good practice & areas to improve
  • Guidance on MFA & 14-day patch compliance
  • Avoids costly re-test fees before submission
Typical cost: £enq.
Get Started with Detect →
Protect

Fully Managed End-to-End Certification Service

We handle the entire certification process on your behalf — scoping the IT estate, completing the questionnaire, remediating gaps, and managing the process end to end. You hand over the problem and get back a certificate.

  • Full environment scope & questionnaire completion
  • Vulnerability scans & configuration reviews (CE+)
  • Plain-English findings with risk ratings
  • Remediation support before retest
Typical cost: £enq.
Get Started with Protect →
Respond

Ongoing Compliance Monitoring & Annual Renewal Retainer

Certification is valid for 12 months and must be renewed annually. We convert the relationship into an ongoing retainer — quarterly patch compliance checks, annual renewal preparation, and configuration baseline monitoring.

  • Quarterly patch compliance checks
  • Annual renewal reminders & re-assessment
  • Configuration baseline monitoring
  • Guidance as your IT environment evolves
Typical cost: £enq.
Get Started with Respond →
Important — April 2026 scheme changes: MFA not enabled across all cloud services is now an automatic fail, as is any high-risk vulnerability (CVSS 7.0+) not patched within 14 days of release. Our Detect service catches these issues before your submission, avoiding costly re-test fees. Read the full April 2026 update →

Not sure which service is right for you?

Book a free, no-obligation consultation and we'll recommend the best starting point for your organisation.

Book a Free Consultation