Cyber Essentials Certification Body

We’re pleased to announce that Ambersail is a Cyber Essentials Certification Body and we can help you achieve either Stage 1 or Stage 2 compliance as required.

Cyber Essentials is a UK Government-sponsored scheme open to organisations of all sizes.  It includes a formal certification showing adherence to a basic set of information security controls.

It is designed to give confidence that the organisation being assessed is effectively addressing the cyber security risks that could lead to the loss of confidential data or other business disruption. Organisations will need to re-certify each year to maintain compliance.

Stage 1: Cyber Essentials


If you’re new to the scheme, this is the place to start. You’ll need to answer a self-assessment questionnaire, which you will also need to sign. Your responses will be independently reviewed by Ambersail to ensure that you understand the questions being asked, and that you have provided a satisfactory answer. Then, a vulnerability scan will be conducted which will also feed in to the assessment.

Once the questionnaire has been signed and reviewed, and the scan conducted successfully, your Cyber Essentials certificate & badge will be issued.

Stage 2: Cyber Essentials PLUS

ce-badge-plusThis is a more thorough assessment. The underlying requirements of Stage 2 are the same as Stage 1. However Stage 2 requires that compliance with the standard is independently validated by a Cyber Essentials Certification Body  such as Ambersail, rather than solely by self-assessment. In order to validate your compliance, Ambersail will conduct a number of additional technical tests of your network and associated systems to ensure that you comply with the standard.

What’s Covered?

The first task is to determine which parts of your organisation should be part of the assessment. After that, there are 5 key areas to cover.

  1. Boundary firewalls and Internet gateways: Your network should have a properly configured firewall
  2. Secure configuration:  Default configurations are often vulnerable, and devices should only offer the services necessary to fulfil their intended role
  3. User access control: Only authorised users and administrators should be allowed. Access should be provided at the minimum level required for all systems.
  4. Malware protection:  Protection is required against computer viruses, spyware and other unauthorised or malicious software.
  5. Patch management: Software and systems should have the latest security patches installed.

We’re here to help

Need help, or have more questions? You can get in touch with us here.

Leave a Reply