Cookies policy

The SRM website uses cookies to store information on your computer. By continuing to browse this website you are agreeing to our use of cookies. Learn more

The cookies stored on your computer when using the SRM website are used to anonymously record your usage of the website using Google Analytics.

Please read our privacy policy for further information.

Cookies accepted

Thank you - you've accepted our cookies policy.

Cyber Essentials

Cyber Essentials Certification

Do you need to do it?

Anyone bidding for a new Government contract must have Cyber Essentials certification.

Those already holding contracts will need to be Cyber Essentials accredited when their current contracts expire. This applies to all associated businesses however large or small. It also extends from large data-rich organisations such as banks to SMEs and sole traders.

The new ruling reflects a general trend toward recognised cyber security practices and it is likely that certain minimum standards will be applied in future to other state-funded organisations like the NHS or education. Cyber Essentials is also being adopted across the wider business world.

days until GDPR D-Day

Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. At the moment it is voluntary but desirable because it protects you and your clients’ data thus saving both money and reputation.

It also anticipates the trend toward recognised cyber security practice and those embracing Cyber Essentials will be well placed when the new GDPR legislation comes in May 2018. That is days from today!

GDPR will be a legal requirement for everyone in all sectors and whatever size

Key dates between now and adoption of GDPR

Why should I do it?

With over £50 billion in annual online retail sales in the UK, it is becoming increasingly essential for businesses of all sizes to protect their customers from all types of potential fraud. For at the same time as Internet sales have increased, so has the capability of online fraudsters. And with alarmingly regular reports detailing the thefts of both personal and financial data, online shoppers are also wising up to the inherent risks of dealing with companies that do not adhere to recognised online safety measures.

At a glance, the benefits of Cyber Essentials certification are
  • It shows commitment to security; demonstrating to business partners, regulators and suppliers that cyber security is taken seriously

  • It is a mandatory requirement for government suppliers and for all public service contracts

  • It enables a business to safeguard commercially sensitive data

  • It protects a company’s profits and reputation by avoiding the financial implications any negative publicity associated with a cyberattack

  • It provides a competitive advantage, particularly in comparison to rivals without accreditation

What does Cyber Essentials certification entail?

The scheme provides five fundamental technical security controls that an organisation needs to have in place to defend against the most common form of cyberattacks emanating from the Internet. These controls are then independently assessed for Cyber Essentials accreditation.

  • Boundary firewalls and internet gateways

    Boundary firewalls and internet gateways

    these must be designed to prevent unauthorised access to or from private networks

  • Secure configuration

    Secure configuration

    ensuring that systems are configured in the most secure way for the needs of the organisation

  • Access control

    Access control

    ensuring only those who should have access to systems have access at the appropriate level

  • Malware protection

    Malware protection

    ensuring that virus and malware protection is installed and is it up to date

  • Patch management

    Patch management

    ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor have been applied

The process

For some companies the process is as simple as completing an online self-assessment form for a flat fee (which includes £200 payable to IASME for each assessment). Most businesses have a degree of complexity, however, and in order to complete the assessment process they will require technical support in a number of areas including evidence gathering and GAP analysis.

The level of technical support depends on the complexity of a business together with the appetite of Security Manager or CEO to tackle the process. Expert advice will help with the navigation of the process in a cost-effective manner and will ensure that full compliance is achieved. The time allocations quoted are approximate depending on the complexity of the application and need not necessarily be taken in one block but may be used over a period of time as the application progresses.

SRM is a certified body to assess and assist in the Cyber Essentials certification procedure. When working with a business on Cyber Essentials certification we work in full collaboration with our clients, providing resource and support as required.

SRM Portal

The SRM portal is provided to SRM clients who are in the process of completing their submission. This is a secure portal providing access to SRM consultants who will be able to help answer the questions required by the scheme.

There is also access to documented FAQs. These are a set of helpful hints and tips for clients, which will enable them to understand how to use the portal and what level of detail is required in their answers.

SRM Cyber Essentials Certification Options


Basic self-assessment

  • Documented FAQs

  • Access to SRM Portal

  • * Free assessment if submitted within a month of a fail

∗The free assessment will be offered as a chance to resubmit your self-assessment without any assistance. Should you decide you require assistance we will offer a either of the additional packages for the difference in cost.


Self-assessment offsite

  • Basic offsite support to provide initial phone consultancy to run client through the assessment process and conduct a GAP analysis

  • Questionnaire provided to the client to assist in gathering evidence prior to the GAP analysis

  • Documented FAQs

  • Access to SRM portal

  • Free assessment if submitted within a month of a fail

  • Time allocation 2 - 4 hours

  • One full day onsite support providing consultancy session to go through the assessment process

  • Includes GAP analysis to determine existing compliance and requirements; answers will be populated in the assessment throughout the GAP analysis session

  • Compliance road map identifying any remedial actions to be performed and enough understanding to complete the assessment

  • Provision of a technical resource onsite to address technical remediation. The technical resource individual will also provide policy and procedures where there is any gap.

  • Provision of resource to implement hardware and software solutions, but not for the solutions themselves.

  • Documented FAQs

  • Access to SRM portal

  • Free assessment if submitted within a month of a fail

  • Time allocation (one working day)

  • Additional time may be purchased for substantitive fixing

What do I do next?

To find out more about how SRM can help you gain Cyber Essentials certification, please fill out the form below, or call us on 03450 21 21 51 to talk to one of our experts.

Get your free copy of SRM's Guide to Cyber Essentials

To find out more and get a free copy of the exclusive SRM Guide to Cyber Essentials, please fill out the form below.

Oops! We could not locate your form.

Thanks, we've received your details.

We'll be in touch shortly to discuss your requirements. In the meantime, please download your exclusive free copy of SRM's Guide to Cyber Essentials below.

Download your free copy