Take your security to the next level with CE+ Cyber Essentials+ (CE+) follows the same principles as CE but with the addition of independent testing which requires an on-site technical assessment. The self-assessment questionnaire and external vulnerability scan are utilised, as with the Basic level. However, Candy MC partners use specially, tailored vulnerability criteria, targeting your organisations internet facing infrastructure, workstations and servers. These tests will highlight any security issues that were not captured in the self-assessment. This will also provide you with peace of mind that your current software builds, and software are meeting minimum security requirements.
The time required to complete CE+ depends on the size of your organisation, however a minimum of 3 days will be required in order to complete the assessment, reporting and certification processes. CE+ is the more extensive Cyber Essential of the two, due to the addition of a technical assessment. By showing you’ve undertaken a more thorough check, you’re providing greater confidence to organisation associates that you’re able to protect your own assets and give due consideration to your cyber security. Being advocates of best security practice we would recommend CE+ for all organisations of any size. It provides a thorough and impartial validation of your organisation’s present security exposure, giving stakeholders greater assurance. With either certification, you will decide the systems and devices to be in the scope of your assessment. It may be that you only wish to include the desktop environment and omit mobile (BYOD) devices. All areas of the CE+ questionnaire are compulsory and guidance on the pass/fail criteria is provided.