What Cyber Essentials is
Cyber Essentials is a UK government-backed cyber security certification scheme administered by IASME on behalf of the NCSC. It assesses an organisation against five technical controls: firewalls, secure configuration, user access control, malware protection and security update management. Cyber Essentials Plus adds a hands-on technical audit. Certification is annual.
Why Cyber Essentials matters
- Mandatory for many UK MOD, central government and public-sector contracts.
- Increasingly required by primes when sharing CAD, IP or production data with suppliers.
- Reduces risk of ransomware, phishing and supply-chain compromise.
- Signals a baseline maturity in IT and information-handling practices.
Industries that use Cyber Essentials
Supplier selection guidance
- 1
Ask whether the supplier holds Cyber Essentials or Cyber Essentials Plus (Plus is meaningfully stronger).
- 2
Check the certificate is current - it lapses after 12 months.
- 3
For sensitive IP exchange, prefer Cyber Essentials Plus or evidence of ISO 27001.
- 4
Confirm where your data will be stored and who has access before sharing drawings or models.
Frequently asked questions
Cyber Essentials is a verified self-assessment. Cyber Essentials Plus adds an independent technical audit of the controls in place.
No. Cyber Essentials covers a baseline set of technical controls. ISO 27001 is a full information security management system standard - broader and significantly deeper.
Not in general, but it is mandatory for many UK central government contracts that involve personal information or sensitive technical data.
Find Cyber Essentials suppliers on Industrial Connected
Filter our verified UK supplier directory by certification, or post your project and let us match you with shortlisted, audit-ready suppliers.
