Cyber Essentials FAQs

KEYSIGMA are one of the select few, elite certification bodies who are also an National Cyber Security Centre (NCSC) approver cyber advisory, meaning that we are qualified, capable and authorised to give you advice on how to comply with the Cyber Essentials standard.

All of KEYSIGMA’s cyber essentials packages are offered at a fixed price and we do not change you until we have guided you towards your Cyber Essentials certificate.

The first stage of the assessment process is the gap analysis. In the gap analysis, the KEYSIGMA consultant will analyze the gap between your current systems and the Cyber Essentials standard. If gaps are identified, the KEYSIGMA consultants will provide you with guidance to support you to implement changes to make you Cyber Essentials compliant. 

The KEYSIGMA support will continue until you achieve the Cyber Essentials standard, at which point you will be issued with your Cyber Essentials certificate.

Any company using unsupported software in the scope of the assessment will fail to achieve Cyber Essentials certification.

No. KEYSIGMA will provide you with detailed feedback and tailored guidance on how to bring your organisation into compliance with the standard. This differentiates KEYSIGMA’s Cyber Essentials service from many of our competitors who charge for each attempt.

You will have 12 months from the date of application to complete and submit your assessment.

After this time, your account may be closed.

Cyber Essentials certificates are valid for 365 days from the date of issue.

You can download all the self-assessment questions in pdf and excel format free of charge on the IASME website

For further information contact info@keysigma.co.uk or call +44 (0)1242282003.

You need to be compliant in nearly all the questions to pass the Cyber Essentials assessment. In particular, you will not be able to attain Cyber Essentials if you are using unsupported software within the scope of the assessment.

KEYSIGMA will provide you with comprehensive answers to any questions that you may have in the certification process. 

You do need to enter all the information each time you certify. This serves as an annual review of your cyber security. Please note, some of the questions may have been updated and changed. Please remember to keep a copy of your answers when you submit so you can refer to them when you recertify the following year.

We will email you with a reminder roughly a month before you have to be recertified.

This is wholly dependent upon your effort, timeline and current level of security controls.

Typically the process takes 3 weeks, but we have certified organisations within 1 day. We work at your pace!

Yes, organisations overseas are able to get certificates and we are fluent in many languages. 

Cyber Essentials Plus starts with the Cyber Essentials verified self-assessment questionnaire but also includes a technical audit of the organisation’s systems to verify that the Cyber Essentials controls are in place.

The controls for Cyber Essentials and Cyber Essentials Plus are exactly the same but the level of assurance is different. Cyber Essentials Plus offers a higher level of assurance as the controls have been checked by a third party to ensure they are correctly implemented.

Cyber Essentials Plus involves a technical audit of the systems that are in-scope for Cyber Essentials. A full description of the Cyber Essentials Plus tests can be found here.

The Cyber Essentials question set is part of the Cyber Essentials Plus certification process. If you have achieved the verified self-assessment Cyber Essentials certification less than 3 months before certifying to Cyber Essentials Plus you will not need to repeat the self-assessment questions stage.


You can display the Cyber Essentials badge on your website and/or in your email signatures.

Need help with more questions?

Schedule a free 30 minute consultation with a KEYSIGMA Cyber Advisor