The buyer wants certification plus governance runway
Fig is cleaner where the organisation wants CE now but expects follow-on work around policies, supplier risk, vulnerability management, or insurance evidence.
Fig vs Cyber Essentials Online. CE-focused alternative with published 6-hour guarantee, below-IASME pricing, and bundled insurance.
Cyber Essentials Online is a UK certification body focused on fast, online CE delivery. Fig Group is a direct peer - IASME-licensed, published 6-hour turnaround guarantee, below-IASME pricing from £299.99 + VAT, three free re-submissions. Fig additionally includes free cyber liability insurance for UK organisations under £20m turnover and a governance-first compliance platform.
Decision table
Capability-by-capability comparison between Fig Group and Cyber Essentials Online
| Capability | Fig Group | Cyber Essentials Online |
|---|---|---|
| UK-resident data and support | UK-based | |
| IASME-licensed Cyber Essentials certification included | ||
| 6-hour Cyber Essentials turnaround guarantee | Fast delivery stated; no 6-hour SLA published | |
| Multi-tenant MSP architecture | No checked public claim | |
| Governance-first control plane (policy drives evidence, not reverse) | CE-focused workflow | |
| Integrated vulnerability management and EPSS/KEV prioritisation | No checked public claim | |
| Embedded cyber insurance distribution | No checked public claim | |
| Frameworks supported | 65+ incl. Cyber Essentials, ISO 27001, NIS2, SOC 2, DORA, CS&R, DCC | Cyber Essentials focused |
| Published Cyber Essentials pricing | From £299.99 + VAT | Published by package |
Buyer-fit analysis
Where Fig is the cleaner fit, and where Cyber Essentials Online may be.
This page was last reviewed on 27 April 2026. We separate certificate delivery, platform fit, MSP workflow, and procurement risk so the comparison is useful rather than just a vendor scorecard.
Where Fig is the cleaner fit
An MSP wants more than a one-off certificate portal
Fig supports the repeated MSP operating model, not just the immediate assessment transaction.
The buyer wants a documented evidence trail
Fig is useful where the same CE evidence will be reused for customers, insurers, and annual renewal.
Where Cyber Essentials Online may be the cleaner fit
The buyer wants a narrow CE-only service
Cyber Essentials Online may fit better if the buyer wants the simplest possible CE-only path and does not need platform workflow or broader governance.
The organisation does not need MSP or renewal workflow
If this is a one-off certificate for a very small organisation, a narrow CE-only provider may be enough.
Claims to verify before buying
- 01Confirm turnaround wording, re-submissions, VAT, and support before comparing headline prices.
- 02Ask whether the certificate evidence can be reused after issue.
- 03Check whether CE Plus and future governance requirements can stay with the same provider.
How to read this
The useful question is not which vendor is universally better.
It is which route fits the buyer's certification, data residency, MSP, and assurance requirements. Fig is strongest where Cyber Essentials certification, IASME-licensed assessment, UK support, published pricing, and MSP delivery are part of the requirement. Cyber Essentials Online may still be the better choice where its existing product focus, contract position, or implementation model is already aligned to the buyer.
Step 01
Confirm what is being purchased
A formal certificate, a compliance automation platform, a consultancy engagement, or a mixture. Cyber Essentials and Cyber Essentials Plus must be delivered through an IASME-licensed certification body; generic compliance automation alone does not issue the official certificate.
Step 02
Match supplier to job
If the job is to pass Cyber Essentials quickly, the decisive evidence is IASME licence status, assessor responsiveness, price, re-submission policy, and certificate turnaround. If the job is broader governance automation, the decisive evidence is control ownership, policy workflow, evidence retention, and renewal support.
Buyer checklist
Six questions to ask both suppliers
- 01Are you IASME-licensed? If yes, ask for the licence ID. If no, the supplier cannot issue the official Cyber Essentials certificate.
- 02Is pricing published? Gated, per-certification, subscription, or consultancy-led - confirm before procurement.
- 03Are re-submissions, readiness support, and urgent turnaround included, or charged separately?
- 04For MSPs: confirm tenant isolation, white-labelling, client reporting, and the margin model.
- 05For audit: how is evidence retained, exported, and mapped to framework controls?
- 06For renewal: does the provider support next year's certificate, or only the first submission?
Official sources
Independently verify what either supplier claims
Best fit · Fig Group
Choose Fig when the requirement maps here
- Buyers comparing two fast-turnaround bodies - Fig publishes the 6-hour SLA and includes insurance bundle.
- MSPs reselling CE at volume.
- Organisations progressing from CE to ongoing governance on one platform.
Best fit · Cyber Essentials Online
Choose Cyber Essentials Online when the requirement maps here
- Buyers who specifically prefer a CE-only focus with no platform overhead.
Next step
Compare on the axis that matters to you.
Cyber Essentials certification, IASME licence, 6-hour turnaround, MSP multi-tenant - Fig publishes the capability set. See pricing or talk to an assessor.