Our UK Cyber Essentials, Cyber Essentials Plus and ISO 27001 services

Data is one of the most important assets a business has, and protecting it from compromise, corruption or total loss is of paramount importance. The Cyber Essentials and Cyber Essentials Plus services and ISO 27001 framework exist to help organisations with their information protection needs.

ISO 27001

ISO 27001 aims to protect information regardless of where it is found (paper, information systems, digital media etc).

Cyber Essentials Plus

Our UK Cyber Essentials and Cyber Essentials Plus services aim to protect data and programmes on networks, computers, servers and other elements of an IT infrastructure.

Our team of security and compliance experts can help businesses become certified to both frameworks, giving you and your customers reassurance that data is secure.

ISO 27001 Framework

ISO 27001 can be a complex and time-consuming activity so why not enlist the help of our security and compliance teams who, can conduct a Cyber Essentials or Cyber Essentials Plus audit, having been through our own certification process several times. They can carry out a Cyber Essentials company check and are in a great position to complete this process for you. Our UK based Cyber Essentials services can:

1

Establish the scope of the ISMS (Information Security Management System)

2

Perform a gap analysis against ISO27001 controls

3

Create an asset register and risk assessment

4

Create the policies and establish the organisation of the ISMS including roles and responsibilities

5

Embed the policies and procedures through staff awareness and implementation of processes

6

Take your business through the Cyber Essentials or Cyber Essentials Plus audit

Cyber Essentials Framework

The Cyber Essential Certification is a Cyber Essentials audit built around five basic technical controls, specifically designed to prevent the most common cyber-attacks, which include malware, ransomware, and phishing. Obtaining this standard enables certified organisations to demonstrate and reassure their customers that they are serious about safeguarding the integrity of their data.

Assessment

Internet Connection

Boundary firewalls and Internet gateways

Compliance Services

Devices & Software

Securest settings and minimum functionality

Threat detection

Access Control

Least privilege and reduced access control

All round protection

Viruses & Malware

Protect yourself from viruses and other malware

Framework compliance

Continuous Patching

Ensure devices and software are kept updated

Our Cyber Essentials and Cyber Essentials Plus Services Bundles

Our four bundles offer varying Cyber Essentials services with differing support levels towards obtaining your certification. Whether that’s a simple Cyber Essentials company check, or our Cyber Essentials Plus package. Each tier works to ensure you are compliant with the standards set by IASME and provides a one-time certification at the point of completion and must be renewed each year.

Assessment Only
I have answered the CE Assessment questionnaire. I require an assessor to review my submission		 Advise: Cyber Essentials
I wish to confirm my policies and devices meet the CE requirements before assessment		 Advise: CE Plus
I wish to confirm my policies and devices meet the CE+ requirements before assessment		 Consult & Secure
I’m unsure of my Security posture and want my organisation to be reviewed against CE controls

Question Set Consultancy

Q&A of Cyber Essentials Question Set with a Cyber Essentials qualified Security Professional

 Email only Orange Check Orange Check Orange Check

Policy Consultancy

Review of your written policy controls and verification that they apply to the Cyber Essentials assessment criteria

 Orange Check Orange Check Orange Check

Threat and Vulnerability Scan

Threat and Vulnerability scan of your network, includes detailed report with suggested remediation action for each item

 Up to 20 External IP addresses (optional) Up to 20 External IP addresses and 3x Internal subnets Up to 20 External IP addresses and 3x Internal subnets Up to 100 External IP addresses and all Internal subnets that are routable

Cyber Essentials Plus Sample Audit

Conduct a mock audit of a sample of devices against the controls for Cyber Essentials Plus. Up to 15 devices

 Orange Check Orange Check

Secure Configuration Discovery

A review of technical controls (e.g., GPO, Intune Policy) that you deploy to control your devices and users

 Orange Check

Asset and Malware Protection Discovery

Network scan of your environment to identify the Hardware, Operating Systems and Applications in scope

 Orange Check

Network Boundary Access Control Review

A review of your boundry Network Access Rules and Firewall Security Up to 5 Firewalls and Routers

 Orange Check

Report

A detailed report on Gaps to be closed against the Cyber Essentials standard including a detailed remediation plan

 Orange Check Orange Check Orange Check

Cyber Essentials Assessment

Managed Submission to governing body and assessment. Submission of CE assessment to IASME incurs a charge, this is included

 Orange Check Orange Check Orange Check Orange Check

Cyber Essentials Plus Audit

Audit & Managed Submission to governing body and assessment. Submission of CE assessment to IASME incurs a charge, this is included

 Orange Check Orange Check
Effort: £900 £2,500 £4,200 £7,500
Additional Services
Intensive remediation scoped on per project basis
Managed Security Service available, scoped separately

Managed Cyber Essential and Cyber Essentials Plus Services

Once Cyber Essentials or Cyber Essentials Plus certification has been achieved, we recommend you keep your security posture maintained to this standard on an ongoing basis using our Managed Cyber Essentials service. Our team of security experts will manage, report on, and remediate any technical issues and ensure your annual re-certification is trouble-free.

Asset discovery

Asset discovery

Patch management

Patch management

Network device management

Network device management

Threat and vulnerability and scan and report

Threat and vulnerability & scan and report

Antivirus management

Antivirus management

Firewall NAT and access rules review and remediation

Firewall NAT and access rules review and remediation

Software firewall status review and remediation

Software firewall status review and remediation

Local user account review and remediation

Local user account review and remediation

Security / GPO Policy review

Security / GPO Policy review

Administrative account report

Administrative account report

Catch22 Logo
Catch22 is now Cyber Essentials Plus certified, thanks to Wanstor and its incredible UK Cyber Essentials team for guiding, assisting and working with us to the tightest of deadlines. The team have all gone above and beyond to keep Catch22 on track and get us over the line, without their dedication, long hours, and effort we wouldn’t have reached this milestone. Wanstor truly is an amazing partner and a pleasure to work with. We look forward to our next project!"

Catch22

More about our Cyber Essentials and ISO Consultancy Services

Stylish Restaurant Interior
Download our Cyber Essentials datasheet
Choosing the right Managed Service Provider
Chat to one of our Solution Experts about how technology can enable your business.

Why should you undertake a Threat and Vulnerability Assessment?

  • External scan of your network and infrastructure
  • Identify known vulnerabilities and readily available exploits
  • Receive tailored recommendations and remediation actions
Image of Wanstor IT Logo