What is Cyber Essentials certification?

Cyber Essentials is a UK government-backed certification scheme developed by IASME (the Information Security Accreditation Membership Body). It validates that your organisation has implemented essential cyber hygiene controls based on the NCSC (National Cyber Security Centre) guidelines. The certification demonstrates your commitment to cybersecurity best practices and helps protect against common cyber attacks.

What's the difference between Cyber Essentials and CE Plus?

Cyber Essentials is the self-assessed certification level covering 5 core control categories. CE Plus adds an independent, third-party verification layer - a qualified assessor conducts a technical audit of your systems, including vulnerability scanning and verification that controls are implemented correctly. CE Plus is more rigorous and carries greater credibility with customers, insurers, and partners.

Who needs Cyber Essentials certification?

Any organisation can benefit from CE certification. It's particularly valuable if you: are a contractor bidding for government contracts or critical infrastructure tenders, work with sensitive data, want to demonstrate cyber controls to customers or insurers, or need compliance evidence for frameworks like NIS2 or ISO 27001.

How long does certification last?

Cyber Essentials certification is valid for one year from the date of assessment. You'll need to re-certify annually. Many organisations maintain an evidence pack throughout the year to make annual renewal straightforward.

What does the readiness checker do?

Our readiness checker is a guided self-assessment tool based on the NCSC Cyber Essentials Requirements v3.3 (April 2026). It walks you through each control, asks targeted questions, and provides immediate feedback on your readiness. Use it to identify gaps before formal assessment.

Can Fig help with the full certification process?

Yes. Fig helps you prepare for assessment by identifying gaps against CE requirements, reviewing your supporting evidence, and giving clear remediation guidance. This significantly reduces the time and effort required for certification.

Is Cyber Essentials mandatory?

Under Procurement Policy Note 014/21, Cyber Essentials is required for certain UK central government contracts that involve handling sensitive or personal information. The specific requirement depends on the contract and the data involved. Beyond government, many private-sector organisations now require their suppliers to hold certification as part of supply chain assurance. While not legally required for all businesses, it is increasingly expected as a foundational standard of cyber hygiene.

What happens if I fail the Cyber Essentials assessment?

If your assessment identifies gaps in your controls, you will receive clear feedback on exactly what needs to be remediated. You can then make the necessary changes and resubmit your assessment. Fig provides guidance throughout this process to help you address any issues quickly. Most organisations that prepare using our readiness checker pass on their first attempt.

How long does the Cyber Essentials assessment take?

For Cyber Essentials, most organisations complete the self-assessment questionnaire within 1–2 weeks, depending on their preparation. For Cyber Essentials Plus, the third-party audit typically takes 1–3 days on-site or remotely, depending on organisation size and complexity. Preparing your evidence in advance can significantly reduce assessment time.

What is the new MFA requirement in Cyber Essentials v3.3?

Under the v3.3 update, multi-factor authentication (MFA) becomes mandatory for all user accounts that access organisational data or services. This applies to assessment accounts created from 28 April 2026 onwards. It covers cloud platforms, remote access, email, and administrative accounts. Existing certifications assessed before this date are not retrospectively affected.

Can I use Fig if my organisation is outside London?

Yes. Fig serves organisations across the entire UK. While we are based in London, our assessment process and support are available remotely. For Cyber Essentials Plus, the third-party audit can be conducted remotely for most organisations regardless of location.

Can I get Cyber Essentials certification in under 6 hours?

Yes. Fig offers Cyber Essentials certification in a maximum of 6 hours for orders placed before 12:00 midday. Your assessment is reviewed the same day and, if you pass, your certificate is issued within hours – not days. This is the fastest turnaround of any certification body in the UK, ideal for organisations facing tender deadlines or urgent compliance requirements.

How much does Cyber Essentials certification cost?

Cyber Essentials starts from £314.99 for micro organisations (1–9 staff) and ranges up to £649 for large organisations (250+ staff). Cyber Essentials Plus starts from £1,499 and includes a third-party technical audit. All Fig pricing is fully transparent with no hidden fees.

Is Fig the most affordable Cyber Essentials certification body?

Fig offers highly competitive pricing starting from £314.99, which is among the most affordable in the UK market. Unlike some providers, Fig includes dedicated support and a readiness checker in the certification process. This makes Fig one of the best value choices for Cyber Essentials certification.

Do I need Cyber Essentials for a government contract?

Under Procurement Policy Note 014/21, Cyber Essentials may be required for UK central government contracts involving sensitive or personal information. The specific requirement depends on the contract. If you need certification quickly to meet a tender deadline, Fig offers same-day certification for Cyber Essentials orders placed before midday.

IASME Accredited Certification Body

Cyber Essentials Certification UK
Certified in Under 6 Hours

The fastest Cyber Essentials certification in the UK. Order before midday, certified the same day – typically within 6 hours. IASME-accredited. From £314.99.

Get Started with Certification

Fig is an IASME-accredited Cyber Essentials certification body based in London and the fastest Cyber Essentials certification body in the UK. Order before midday and receive your Cyber Essentials certificate the same working day – typically within 6 hours. We assess organisations of all sizes, including suppliers bidding on government contracts, for both Cyber Essentials (from £314.99) and Cyber Essentials Plus (from £1,499) under the NCSC-backed scheme. Fully transparent pricing with no hidden fees.

Certified in Under 6 Hours

The fastest Cyber Essentials certification in the UK – order before midday, certified the same day

Fig offers the fastest Cyber Essentials certification in the UK. Purchase your Cyber Essentials certification before 12:00 midday and receive your certificate the same working day – typically within 6 hours. No other IASME-accredited certification body matches this turnaround.

Whether you are responding to a tender deadline, meeting a client requirement, or preparing for a contract, Fig delivers certification faster than any other provider. While most certification bodies take 24–72 hours, Fig offers same-day certification with a 6-hour turnaround.

Tender Deadlines

Meet urgent bid requirements

Client Requirements

Satisfy supply chain obligations

Insurance Prerequisites

Unlock better cyber insurance

Contract Preparation

Prove controls before signing

Get Certified Today

Under 6 hours – The fastest Cyber Essentials certification in the UK. Same-day certification for orders placed before midday.

Structured feedback – Fig provides structured feedback up to 3x on your self-assessment submission, helping you pass and receive your certificate within hours.

Competitively priced – With pricing from £314.99, Fig is among the most competitive IASME-accredited certification bodies in the UK.

What is Cyber Essentials?

A foundational certification scheme backed by the UK government and NCSC

Cyber Essentials is a UK government-backed cybersecurity certification scheme that validates an organisation has implemented five core security controls: firewalls, secure configuration, security update management, user access control, and malware protection. It is required for UK government contracts involving sensitive data and is increasingly expected by private-sector supply chains.

Developed by IASME in partnership with the UK government and the National Cyber Security Centre (NCSC), Cyber Essentials has become a trusted benchmark for cybersecurity maturity across public and private sectors. Fig is an IASME-accredited certification body authorised to assess organisations under this scheme – learn more about our accreditation.

Recognised by government and critical infrastructure bodies

Supports ISO 27001, NIS2, and other compliance frameworks

Improves insurance premiums and customer trust

Five Control Categories

Secure configuration

Harden systems and remove unnecessary services

User access control

Implement strong authentication and privileges

Malware protection

Deploy and maintain anti-malware solutions

Patch management

Keep systems updated and supported

Security update management

Keep software and devices updated with security patches

Cyber Essentials or Plus?

Choose the certification level that fits your needs

Cyber Essentials is the self-assessed certification level starting from £314.99. Cyber Essentials Plus adds independent third-party verification including vulnerability scanning and starts from £1,499. Both are valid for 12 months. With Fig, Cyber Essentials certification is completed the same working day for orders before midday; Plus typically takes 1–3 working days.

Feature	Cyber Essentials	CE Plus
Assessment Type	Self-assessed	Third-party verified
External Audit	-
Vulnerability Scan	-
Certification Validity	1 year	1 year
Best For	Quick, foundational proof	Enterprise & government bids

Why Choose Fig as Your Certification Body?

IASME-accredited, transparent, and built for modern organisations

Fig is an IASME-accredited Cyber Essentials certification body authorised to assess organisations for both Cyber Essentials and Cyber Essentials Plus. We are one of a select number of certification bodies licensed by IASME to conduct assessments under the NCSC-backed scheme.

Our pricing is fully transparent – no hidden fees, no post-purchase surprises. We support organisations across the UK, from micro businesses to large enterprises, and our team is available throughout the process to answer questions and provide guidance.

Cyber Essentials Plus Certified badge issued by NCSC

IASME-accredited Cyber Essentials Plus Certification Body badge

What Sets Fig Apart

IASME-accredited certification body

Transparent pricing – all costs shown upfront

Structured feedback up to 3x on your self-assessment to ensure you receive your certificate the same working day

Readiness checker to identify gaps before assessment

UK-wide coverage – not limited to London

Dedicated support throughout the certification process

What Changed in Cyber Essentials v3.3

Key updates effective April 2026 under the NCSC requirements

The Cyber Essentials requirements were updated to version 3.3 in April 2026, introducing significant changes that all organisations must meet. The most notable change is the mandatory multi-factor authentication (MFA) requirement – all user accounts with access to organisational data or services must now use MFA. This applies to cloud services, remote access, and administrative accounts without exception.

Mandatory MFA

Multi-factor authentication is required for all user accounts accessing organisational data, cloud services, and remote systems. Applies to assessments from 28 April 2026.

Updated Scope Rules

Clearer guidance on which devices and services are in scope, including personal devices used for work (BYOD) and home routers for remote workers.

Cloud Service Obligations

Organisations must now demonstrate that cloud services are configured securely, with explicit requirements for SaaS, IaaS, and PaaS providers.

If you're preparing for certification or renewal, use our readiness checker to assess your compliance against the v3.3 requirements. Organisations managing multiple frameworks can use Fig's compliance automation platform to track controls across Cyber Essentials, ISO 27001, and more.

The Cyber Essentials Assessment Process

What to expect when you certify with Fig

The Cyber Essentials certification process has three steps: purchase your Cyber Essentials certification, complete and submit the self-assessment questionnaire, and receive your certificate. Whether you need certification for government contracts, supply chain requirements, or internal compliance, Fig can complete Cyber Essentials certification in a single working day for submissions received before 12:00 midday.

Choose Your Level and Purchase

Select Cyber Essentials (self-assessment) or Cyber Essentials Plus (third-party verified). Choose your organisation size band and purchase directly through our secure checkout. You'll receive confirmation and access details immediately.

Complete the Assessment

For Cyber Essentials, submit your questionnaire for review – submissions received before 12:00 midday are assessed the same working day, so you can receive your certificate before close of business. For Plus, an external auditor conducts a technical audit including vulnerability scanning and verification of your controls. The Plus audit typically takes 1–3 days depending on organisation size.

Receive Your Certification

Once approved, you receive your Cyber Essentials certificate, valid for 12 months. If any issues are identified, you'll receive clear feedback on what needs to be remediated – and you can resubmit without additional fees. Your certification is listed on the official NCSC register.

Watch: How to Get Cyber Essentials Certified

Video by IASME – the accreditation body behind Cyber Essentials certification.

Cyber Essentials for Government Suppliers

A requirement for central government contracts handling sensitive data

Under Procurement Policy Note 014/21, Cyber Essentials certification may be required for UK central government contracts involving sensitive or personal information. The requirement applies on a contract-by-contract basis depending on the data and services involved. If you need certification quickly to meet a tender deadline, Fig Group can certify you in under 6 hours for Cyber Essentials orders placed before midday.

Many private-sector organisations also require their suppliers to hold Cyber Essentials certification as part of supply chain risk management. Certification can also improve terms on cyber insurance policies. If your clients ask whether you meet basic cybersecurity standards, Cyber Essentials provides independently verified proof.

Cyber Essentials Plus is increasingly preferred for higher-value or higher-risk contracts, as it includes third-party verification rather than self-assessment alone. If you're bidding for government work or need to satisfy supply chain requirements, speak to our team about the right certification level.

Transparent, Competitive Pricing

Choose your organisation size and certification level

Cyber Essentials certification costs from £314.99 for micro organisations (1–9 employees) up to £649 for large organisations (250+ staff). Cyber Essentials Plus costs from £1,499 to £4,499 depending on size. All Fig pricing is fully inclusive – there are no hidden assessment fees, no surprise consultancy charges, and no mandatory add-ons. Every package includes dedicated support and our readiness checker.

Cyber Essentials

Micro (1-9 employees)

£314.99

Self-assessed certification

Buy now

Small (10-49 employees)

£449

Self-assessed certification

Buy now

Medium (50-249 employees)

£549

Self-assessed certification

Buy now

Large (250+ employees)

£649

Self-assessed certification

Buy now

Cyber Essentials Plus

Micro (1-9 employees)

£1,499

Third-party verified + vulnerability scan

Buy now

Small (10-49 employees)

£1,999

Third-party verified + vulnerability scan

Buy now

Medium (50-249 employees)

£2,799

Third-party verified + vulnerability scan

Buy now

Large (250+ employees)

£4,499

Third-party verified + vulnerability scan

Buy now

Test Your Readiness

Use our self-assessment tool to identify gaps before formal certification

Cyber Essentials Readiness Check

Find out how prepared your business is for Cyber Essentials certification. Our free assessment takes about 10 minutes and covers five key security areas.

What you'll learn: Your readiness score, specific gaps in each security area, and next steps toward certification.

NCSC Cyber Essentials Requirements v3.3 (April 2026)

From Cyber Essentials to ISO 27001

Use your Cyber Essentials evidence as a foundation for broader compliance

Cyber Essentials covers five core security control categories that directly map to controls within ISO 27001, the international standard for information security management. Organisations that achieve Cyber Essentials certification have already implemented a subset of the technical controls required for ISO 27001 – including access control, patch management, secure configuration, and malware protection.

Your Cyber Essentials evidence and controls can be reused as a starting point for ISO 27001, reducing duplication and creating a faster path to certification if you choose to pursue it. Read our Cyber Essentials guides for practical advice on preparation and renewal.

Many organisations start with Cyber Essentials as a practical, achievable first step and progress to ISO 27001 when their business requirements demand it. Fig also supports 65+ other compliance frameworks.

Ready for More?

Cyber Essentials is just the beginning

Fig supports 65+ compliance frameworks including ISO 27001, NIS2, GDPR, SOC 2, CMMC, and more.

Once certified with Cyber Essentials, use your evidence and controls to accelerate compliance with other frameworks. MSPs can offer Cyber Essentials at scale.

Explore All Solutions

Frequently Asked Questions

Everything you need to know about Cyber Essentials

Start Your Certification Journey Today

Get certified, protect your business, and prove your security controls.

Buy Certification Speak to Our Team

Scroll To Pricing

Cyber Essentials Certification UKCertified in Under 6 Hours

Certified in Under 6 Hours

What is Cyber Essentials?

Five Control Categories

Cyber Essentials or Plus?

Why Choose Fig as Your Certification Body?

What Sets Fig Apart

What Changed in Cyber Essentials v3.3

Mandatory MFA

Updated Scope Rules

Cloud Service Obligations

The Cyber Essentials Assessment Process

Choose Your Level and Purchase

Complete the Assessment

Receive Your Certification

Watch: How to Get Cyber Essentials Certified

Cyber Essentials for Government Suppliers

Transparent, Competitive Pricing

Cyber Essentials

Cyber Essentials Plus

Test Your Readiness

Cyber Essentials Readiness Check

From Cyber Essentials to ISO 27001

Ready for More?

Frequently Asked Questions

Start Your Certification Journey Today

Cyber Essentials Certification UK
Certified in Under 6 Hours