CYBER ESSENTIALS PLUS
SIMPLE ROUTE TO CYBER ESSENTIALS PLUS CERTIFICATION
Fortis has a simple methodology to help you achieve certification:
Fortis conduct the CE+ technical assessment phase (on-site or remote)
If a pass then CE+ certification will be awarded
If some fail items, then remediate those within 30 days (NCSC guideline)
Fortis will deliver a remote re-test of the failed elements once
If a pass then receive your CE+ certificate
If still a fail, remediate fail sections and re-start the CE+ certification process
WHY CYBER ESSENTIALS PLUS?
Cyber Essentials Plus (CE+) includes an external vulnerability assessment, an internal scan and an on-site assessment. It offers more in-depth testing and therefore stronger assurances of security.
CE+ carries across all elements of Cyber Essentials, including a technical audit of your systems to verify the Cyber Essentials recommended controls are in place.
This higher level of assurance involves completing the SAQ followed by a technical audit of the systems that are in-scope for Cyber Essentials.
This includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users and virtual desktop environments.
Figure 1 Chart to illustrate the certification process
Your assessor will test a suitable random sample of these systems (typically around 10 per cent) and then make a decision whether further testing is required.
You will need to complete your CE+ audit within 3 months of your last Cyber Essentials basic certification.
If you want to gain CE+ straight away, you can complete the CE SAQ as the initial part of the CE+ certification process.
The assessor will often have to visit your head office and a representative sample of your other offices in order to carry out the tests, however it is also possible to deliver this remotely.
The cost of a Cyber Essentials PLUS assessment will depend on the size and complexity of your network and devices.
INCLUDES
INCLUDES
SUITABLE FOR
SUITABLE FOR
DO IT YOURSELF
Business who are familiar with the CE+ requirements and have a high degree of IT security knowledge
Access to the CE Certification Questionnaire on the Fortis Portal
Remote external vulnerability assessment
On-site assessment including:
-
Authenticated internal vulnerability scan
-
Check malware protection
-
Check end user defences against malware delivered via email and via a website
1 Remote retest
SOME SUPPORT
Businesses who need some help understanding the scope & preparing the environment for CE+ compliance
Access to the CE Certification Questionnaire on the Fortis Portal
Remote Consultant-led advice 1
Remote external vulnerability assessment
On-site assessment including:
-
Authenticated internal vulnerability scan
-
Check malware protection
-
Check end user defences against malware delivered via email and via a website
1 Remote retest
LOTS OF SUPPORT
Businesses who require a lot of support & lack experience in providing a CE+ compliant technical architecture
Access to the CE Certification Questionnaire on the Fortis Portal
Remote Consultant-led advice 2
Remote external vulnerability assessment
On-site assessment including:
-
Authenticated internal vulnerability scan
-
Check malware protection
-
Check end user defences against malware delivered via email and via a website
1 Remote retest
SUITABLE FOR
INCLUDES
