CE Plus speed

Cyber Essentials Plus, in 1-3 working days.

The fastest realistic Cyber Essentials Plus route for prepared organisations. Same-day Cyber Essentials baseline followed by a 1-3 working day independent technical audit. Same NCSC-backed scheme, faster planning, transparent timeline.

Buy CE Plus Micro Talk to an assessor

1-3 days

Plus audit turnaround for prepared organisations

6 hours

Same-day Cyber Essentials prerequisite if needed

0 weeks

No quarterly batch scheduling

Why we are the fastest

Speed comes from how Plus is sequenced

Plus is naturally slower than CE because the scheme requires real-world technical testing. We compress the timeline by removing three things that usually delay Plus engagements at other CBs.

01 · Baseline in 6 hours

CE prerequisite, same day

Plus depends on a current Cyber Essentials certificate. We issue CE within 6 working hours of compliant submission - so the prerequisite is not a multi-week bottleneck before the Plus audit even starts.

02 · Audit window scheduled at booking

No queue, no waiting list

Plus engagements are scheduled into a named assessor's calendar at the point of purchase, not slotted into a quarterly batch. Most engagements complete inside the first available 1-3 working day window.

03 · Pre-audit gap analysis

Issues fixed before the audit

The Fig platform runs automated checks across MFA coverage, patch status, internet-facing services, and sample devices before the assessor opens the audit. First-pass rates are high because surprises are surfaced in advance.

The 1-3 day timeline

What happens, day by day

Five phases from purchase to certificate. The total clock depends on whether you already hold Cyber Essentials and how quickly devices are made available for testing.

Day 0
Buy and scope
Purchase the right tier. Scope confirmation runs immediately - device sample, internet-facing services, audit window booked.
Day 0-1
CE prerequisite
If you don't already hold Cyber Essentials, the baseline is issued the same day for compliant submissions before midday on a UK business day.
Day 1-2
External vulnerability scan
Scan runs against your declared internet-facing services. Results delivered with remediation guidance for any high or critical findings.
Day 2-3
Remote technical audit
Assessor verifies sampled devices remotely - secure config, MFA, patching, malware protection. Most audits close on day three.
Day 3
Certificate issued
Pass: NCSC-backed Cyber Essentials Plus certificate issued, valid for 12 months. Findings: structured feedback returned with remediation paths.

Be ready before you buy

What ready looks like

Six things to have in place. Each one is straightforward in isolation - it’s the missing one or two that usually push Plus from 1-3 days into a multi-week engagement.

Current or in-progress Cyber Essentials certificate covering the same scope

A representative sample of devices available for remote testing in the audit window

Internet-facing services patched and free of known high or critical vulnerabilities

MFA enforced on all cloud admin and remote-access accounts

A named technical contact who can answer scope questions in real time

Confirmed organisation size band (Micro / Small / Medium / Large)

Common blockers

What slows Plus down

The four most common reasons Plus engagements miss the 1-3 day window. Recognise them in advance and the speed claim holds.

Sampled devices not available

The scheme requires real device testing. If devices are off, in transit, or behind locked-down VPN policies, the audit pauses until they are reachable.

High-severity scan findings

A high or critical CVE on an internet-facing service blocks certification. Remediation is straightforward but stops the clock until the next clean scan.

Scope changes mid-audit

New sites, services, or device types added after audit start trigger a re-quote and reset the assessment window.

Missing CE baseline

Plus cannot be issued without a current Cyber Essentials certificate. Run the CE prerequisite the same day you buy Plus to avoid sequential delays.

FAQ

Speed questions answered

Can Cyber Essentials Plus be completed in one day?

Usually no. The Plus audit requires an external vulnerability scan, sampled device testing, and assessor review - typically 1-3 working days end-to-end for a prepared organisation. The fastest realistic timeline is 24-48 hours when CE baseline is already in place and devices are immediately available.

How does Fig deliver Plus faster than other CBs?

Three structural differences. (1) Plus engagements are scheduled into a named assessor's calendar at booking, not batched. (2) The Fig platform runs automated pre-audit gap analysis so issues are surfaced before the assessor starts. (3) The CE prerequisite is delivered same-day so it does not become a multi-week bottleneck.

What slows a Plus audit down?

Four things, in order: missing CE baseline, sampled devices unavailable in the audit window, high or critical vulnerabilities on internet-facing services, and mid-audit scope changes. The first three are usually fixable in days; scope changes trigger a re-quote.

What if I don't already have Cyber Essentials?

Buy both. Fig issues Cyber Essentials within 6 hours for compliant submissions, so the prerequisite slots in same-day. Combined CE + CE Plus engagement typically completes in 2-4 working days for a prepared organisation.

How is the audit window booked?

At the point of purchase. Once you check out and confirm scope, your dedicated assessor and audit window are scheduled into the calendar - no separate booking call required for standard engagements.

Does fast certification mean a lighter audit?

No. The same NCSC-backed IASME scheme requirements apply, the same external vulnerability scan runs, the same sampled devices are tested. The certificate is identical to one issued under any longer timeline.

Cyber Essentials trust evidence

The buyer evidence to check before you purchase

This block keeps the commercial claims close to the final decision point: licence, speed, pricing, reviews, and the important difference between Cyber Essentials and Cyber Essentials Plus.

Open Google profile

Licence

IASME-licensed Plus route

Cyber Essentials Plus is delivered as an IASME-backed technical verification route after Cyber Essentials, with licence evidence available for procurement checks.

Verify IASME licence

Scope

Plus is not the 6-hour product

The 6-hour guarantee applies to Cyber Essentials self-assessment only. Plus adds technical audit work, sampled device testing, and remediation scheduling.

Review Plus scope

Pricing

Published Plus pricing

Cyber Essentials Plus pricing is published by organisation size so buyers can compare cost before booking a technical audit.

Review Plus pricing

Reviews

Evidence-led buying check

Use Fig trust pages, Google review signals, and the official scheme sources to verify claims before committing to a Plus assessment.

Review trust evidence

Practical rule: buy Cyber Essentials when the requirement asks for baseline certification. Buy Cyber Essentials Plus only when the buyer, insurer, or framework specifically asks for the audited technical verification layer.

Cyber Essentials hub Cyber Essentials Plus Claim evidence

Plus, on a published timeline.

Pick your tier. Have the readiness checklist in place. We schedule the audit at booking and issue the certificate within 1-3 working days.