The buyer wants a fixed certificate path, not a monitoring subscription decision
Fig is clearer when the immediate outcome is a Cyber Essentials certificate with published pricing, assessor support, and a stated re-submission model.
Fig vs CyberSmart. IASME-licensed CE body with published 6-hour turnaround and below-IASME pricing.
CyberSmart is a UK Cyber Essentials certification body and compliance platform, historically focused on SMB subscription-style CE with integrated continuous monitoring. Fig Group is the alternative with a 6-hour turnaround guarantee, transparent published pricing from £299.99 + VAT (below the standard IASME fee), and three free re-submissions per certification.
Decision table
Capability-by-capability comparison between Fig Group and CyberSmart
| Capability | Fig Group | CyberSmart |
|---|---|---|
| UK-resident data and support | UK-based | |
| IASME-licensed Cyber Essentials certification included | ||
| 6-hour Cyber Essentials turnaround guarantee | No published 6-hour SLA | |
| Multi-tenant MSP architecture | Depends on package | |
| Governance-first control plane (policy drives evidence, not reverse) | No checked public claim | |
| Integrated vulnerability management and EPSS/KEV prioritisation | Depends on package | |
| Embedded cyber insurance distribution | No checked public claim | |
| Frameworks supported | 65+ incl. Cyber Essentials, ISO 27001, NIS2, SOC 2, DORA, CS&R, DCC | Cyber Essentials focused |
| Published Cyber Essentials pricing | From £299.99 + VAT | Published by package |
Buyer-fit analysis
Where Fig is the cleaner fit, and where CyberSmart may be.
This page was last reviewed on 27 April 2026. We separate certificate delivery, platform fit, MSP workflow, and procurement risk so the comparison is useful rather than just a vendor scorecard.
Where Fig is the cleaner fit
An MSP wants margin and white-label workflow
Fig is designed for MSPs that want to sell CE repeatedly without rebuilding client reporting and delivery workflow each time.
The organisation needs deadline-led support
Where the pressure is a tender deadline, the buyer needs fast scope review, quick gap handling, and a direct route to certificate issue.
Where CyberSmart may be the cleaner fit
The organisation already uses CyberSmart monitoring
If CyberSmart is already installed, accepted by the customer, and working as the monitoring layer, staying put may avoid unnecessary change.
The buyer prefers subscription-led monitoring
Some teams want a continuous monitoring subscription as the commercial anchor. If that is the goal, CyberSmart may be a better fit.
Claims to verify before buying
- 01Ask both suppliers for the full first-year and renewal cost including VAT, re-submissions, and support.
- 02Confirm whether the buyer wants a certificate-first service or a monitoring-subscription service.
- 03Check how quickly assessor feedback is returned when the first submission has gaps.
How to read this
The useful question is not which vendor is universally better.
It is which route fits the buyer's certification, data residency, MSP, and assurance requirements. Fig is strongest where Cyber Essentials certification, IASME-licensed assessment, UK support, published pricing, and MSP delivery are part of the requirement. CyberSmart may still be the better choice where its existing product focus, contract position, or implementation model is already aligned to the buyer.
Step 01
Confirm what is being purchased
A formal certificate, a compliance automation platform, a consultancy engagement, or a mixture. Cyber Essentials and Cyber Essentials Plus must be delivered through an IASME-licensed certification body; generic compliance automation alone does not issue the official certificate.
Step 02
Match supplier to job
If the job is to pass Cyber Essentials quickly, the decisive evidence is IASME licence status, assessor responsiveness, price, re-submission policy, and certificate turnaround. If the job is broader governance automation, the decisive evidence is control ownership, policy workflow, evidence retention, and renewal support.
Buyer checklist
Six questions to ask both suppliers
- 01Are you IASME-licensed? If yes, ask for the licence ID. If no, the supplier cannot issue the official Cyber Essentials certificate.
- 02Is pricing published? Gated, per-certification, subscription, or consultancy-led - confirm before procurement.
- 03Are re-submissions, readiness support, and urgent turnaround included, or charged separately?
- 04For MSPs: confirm tenant isolation, white-labelling, client reporting, and the margin model.
- 05For audit: how is evidence retained, exported, and mapped to framework controls?
- 06For renewal: does the provider support next year's certificate, or only the first submission?
Official sources
Independently verify what either supplier claims
Best fit · Fig Group
Choose Fig when the requirement maps here
- Organisations that want certified within a single UK working day for tender deadlines.
- Buyers that want published, non-gated pricing.
- MSPs reselling CE at scale with white-label workflow.
Best fit · CyberSmart
Choose CyberSmart when the requirement maps here
- Long-standing CyberSmart subscription customers comfortable with their existing platform.
- Buyers who prefer a monthly-subscription pricing model over per-certification billing.
Next step
Compare on the axis that matters to you.
Cyber Essentials certification, IASME licence, 6-hour turnaround, MSP multi-tenant - Fig publishes the capability set. See pricing or talk to an assessor.