Cyber Essentials is a UK government-backed certification scheme developed by IASME (the Information Security Accreditation Membership Body). It validates that your organisation has implemented essential cyber hygiene controls based on the NCSC (National Cyber Security Centre) guidelines. The certification demonstrates your commitment to cybersecurity best practices and helps protect against common cyber attacks.

CE Baseline is a self-assessed certification covering 5 core control categories. CE Plus adds an independent, third-party verification layer - an external auditor reviews your controls, conducts penetration testing, and performs vulnerability scanning. CE Plus is more rigorous and carries greater credibility with customers, insurers, and partners.

Any organisation can benefit from CE certification. It's particularly valuable if you: are a contractor bidding for government or critical infrastructure contracts, work with sensitive data, want to demonstrate cyber controls to customers or insurers, or need compliance evidence for frameworks like NIS2 or ISO 27001.

Cyber Essentials certification is valid for one year from the date of assessment. You'll need to re-certify annually. Many organisations use Fig's platform to maintain ongoing compliance and evidence collection, making annual renewal straightforward.

Our readiness checker is a guided self-assessment tool based on the NCSC Cyber Essentials Requirements v3.3 (April 2026). It walks you through each control, asks targeted questions, and provides immediate feedback on your readiness. Use it to identify gaps before formal assessment.

Yes. Fig helps you prepare for assessment by automating evidence collection across your IT environment. Our compliance automation module maps your controls to CE requirements, gathers supporting evidence, tracks remediation, and keeps everything audit-ready. This significantly reduces the time and effort required for certification.