Cyber Essentials Plus still has the Cyber Essentials simplicity of approach, and the protections you need to put in place are the same, but this time an assessor will carry out a technical audit of your systems to verify the Cyber Essentials controls are in place.
This higher level of assurance involves completing the online assessment followed by a technical audit of the systems that are in-scope for Cyber Essentials. This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users. Your assessor will test a suitable random sample of these systems (typically around 10 per cent) and then make a decision whether further testing is required.
You will need to complete your Cyber Essentials PLUS audit within 3 months of your last Cyber Essentials basic certification. Alternatively, you can complete the online assessment as part of the Cyber Essentials PLUS certification. The assessor will often have to visit your head office and a representative sample of your other offices in order to carry out the tests.
The cost of a Cyber Essentials PLUS assessment will depend on the size and complexity of your network.