The Cyber Essentials Scheme is a government initiative helping organisations of all sizes guard against common internet threats. Certification also signals trustworthiness to customers and business partners.

Five Technical Controls Covered: Securing internet connections (firewalls/routers), securing devices and software (secure configuration), controlling access to data and services, protection against malware, and keeping devices and software updated.

The scheme offers two levels: self-assessed/independently verified, and a higher "Plus" level with independent technical audit.

Cyber Essentials: The basic level uses a questionnaire with eight sections. All questions must be answered and approved by a board-level representative, who signs a declaration confirming accuracy. Forti5's trained assessors can help organisations understand the requirements.

Cyber Essentials Plus: Builds on the standard questionnaire by adding an independent technical audit verifying controls are actually in place. The audit covers a representative set of user devices, all internet gateways, and servers accessible to unauthenticated internet users. Assessors test roughly 10% of systems, with further testing if needed. A passed Cyber Essentials self-assessment is a prerequisite, though Forti5 can run both simultaneously.

IASME Cyber Assurance: Aimed at SMEs, this certification demonstrates both cyber security posture and information governance at realistic cost, addressing GDPR compliance. It is aligned to a similar control set as ISO 27001 but is more practical, affordable and achievable for smaller organisations.

It complements Cyber Essentials but does not include Cyber Essentials controls — those are assessed separately. Additional governance areas checked include risk assessment and management, training and people management, change management, monitoring, backup, and incident response and business continuity.

Forti5 Technologies is an IASME-certified assessor that guides organisations through the full certification journey.