Cyber Essentials Certification

How Does It Work?

Step 1
We issue you a self-assessment questionnaire that must be completed and returned to us.

Step 2 We conduct an external vulnerability assessment against your Internet facing systems.

Step 3 We conduct an internal vulnerability assessment on your IT devices.

Step 4 – We review the results from steps 1 and 3 and issue a pass or fail. If you pass, we issue your Cyber Essentials certificate. If you do fail, we work with you to help you prepare and conduct a re-test.


Assessments are all conducted remotely, no onsite visit is required.

What is it?

Cyber Essentials is a UK Government backed scheme suitable for organisations of all sizes. It includes a formal certification showing adherence to a basic set of information security controls.

It is designed to be a base line for cyber security and help give confidence that the organisation being assessed is effectively addressing the cyber security risks that could lead to the loss of confidential data or other business disruption.

Cyber Essentials is achieved after a self-assessment questionnaire is completed and sent for review, along with supporting evidence, to a Certification Body under the signature of a senior director, stating that all the criteria have been met. The Certification Body will assess the questionnaire to verify that the controls have been met.

What does it cost?

£800 + VAT (Certifications do not expire, however it is recommended to re-certify every 12 months to ensure your environment and processes are secure.)


A simple virus or piece of malware could result in loss of company and client data, disrupt your cashflow and take up staff time. An attack could also put off your customers, stop you trading and damage your hard-earned reputation. Loss of data could breach the Data Protection Act and lead to fines or prosecution.

Obtaining the Cyber Essentials certification will:

  • Protect your organisation against common cyber threats
  • Show your customers you take cyber security seriously
  • Achieving the certification will also allow you to use the Cyber Essentials badge to advertise that your organisation meets a
  • Government-endorsed standard.

Frequent Questions


How quickly can I get certified to Cyber Essentials?


We always do our best to get the Cyber Essentials assessment results back to you as quickly as possible. It usually takes us 2 – 4 working days from the time you submit your assessment. If you have a tight deadline please let us know and we can try to fast-track your assessment.


I am not sure I understand the questions – where can I get help?


Spicy Support will help you answer any questions you are unsure on.

If I fail will I have to pay another £800 to take the assessment again?


If you fail we allow you two working days to examine the feedback from the assessor and change any simple issues with your network and policies. You can then update your answers and the assessor will have another look without any extra charges. However, if you still fail after these two days you will have to reapply and pay the assessment fee again.

If I fail will I get feedback about why I failed?


All clients get feedback on any aspect of the assessment which is not fully compliant. You will get a PDF of all the answers you gave and comments from the assessor against any that were considered non-compliant. If you fail the assessment this feedback should help you improve your security so you can pass in the future.

How long will I have to complete and submit my assessment?


You will have 6 months from date of application to complete and submit your assessment. After this time your account may be closed. You would have to apply and pay again if you wanted to be assessed.

Can I just answer yes / no to most questions?


You need to add brief notes to most answers. This allows us to understand your company and controls better, makes the assessment process faster and also makes it more likely we will be able to understand your systems enough to pass you.