Certify your clients directly through a real Certification Body
Cyber Essentials for MSPs
Your clients keep being asked for Cyber Essentials. By their insurers, their tenders,
their public-sector buyers, their supply chains. You can offer it without sub-brokering
through someone else or referring the client out. We have been an IASME Cyber Essentials
Certification Body since the scheme launched in 2014, and we certify both Cyber
Essentials and Cyber Essentials Plus in-house. We work co-delivered, as a true partner
alongside you, and because we are the licensed body the certificate is issued by us and
carries our logo. You keep the client relationship and the renewal throughout.
Cyber Essentials has become table stakes. Cyber insurance asks for it. Government
contracts and many private tenders require it. Enterprise customers push it down their
supply chains. So your clients turn to you to get certified.
But here is the catch most MSPs hit: only an IASME-licensed Certification Body can
actually award Cyber Essentials. If you are not a CB, you are either sub-brokering the
certification through one and marking it up, or referring your client out to a third
party, which puts the relationship at risk. Neither is a great answer when the client
thinks of you as the person who handles their security.
Partnering closes the gap. We are the Certification Body, and have been since the
scheme launched in 2014. You offer Cyber Essentials and Cyber Essentials Plus as part
of your portfolio; we certify your clients directly, co-delivered with you. Your client
never has to leave you to get certified, and the certificate comes from a real,
licensed body every time, issued by us.
A Cyber Essentials Certification Body (CB) is an organisation
licensed by IASME (on behalf of the NCSC) to assess and award Cyber Essentials and
Cyber Essentials Plus. An MSP that is not a CB cannot award the certificate itself; it
must go through a licensed CB. When you partner with Layer 7 we assess and certify
your clients co-delivered with you, and the certificate is issued by us as the
licensed body and carries our logo, it cannot be white-labelled. You keep the client
relationship; we supply the licensed assessment and the certificate.
The two levels
Both levels, one partner
Both levels, handled in-house by the same partner.
Cyber Essentials
A verified self-assessment against the five technical controls: firewalls, secure configuration, user access control, malware protection and security update management. Your client completes the assessment; as the Certification Body we review and certify it. Right for clients who need to demonstrate baseline hygiene for insurance or a tender.
Everything in Cyber Essentials, plus a hands-on technical audit: we independently test the controls rather than take them on trust, including authenticated vulnerability scans and a sample of user devices. It carries more weight with auditors and buyers, and it is where our offensive-security rigour matters, the same in-house testing skill an MSP would otherwise have to outsource anyway.
We work co-delivered, as a true partner alongside your team: both names on the engagement,
you close to the client throughout. We do not white-label Cyber Essentials, because the
certificate can only be issued by, and carry the logo of, the licensed Certification Body.
That is us.
How we work
Co-delivered
We work jointly, with both names visible on the engagement. You handle the client relationship and the readiness conversation; we run the assessment and issue the certificate as the licensed CB. A true partnership, with your client close to your team throughout.
How certification works
One certificate, one logo
A Cyber Essentials certificate is issued by the licensed Certification Body and carries only our logo. It cannot be co-branded or white-labelled, and that is the point: it is a real, verifiable certification, not a sub-brokered markup. You keep the client and the renewal; we are the named body on the certificate.
You own the commercial relationship and the renewal throughout. We never approach your
client directly without your say-so, and we integrate with your existing delivery processes
so nothing slows down.
Who awards the certificate Sub-broker / refer out A third-party CB you route through Partner with Layer 7 Us, directly, as the licensed CB
Both CE and CE Plus Sub-broker / refer out Depends on the third party Partner with Layer 7 Both, in-house
CE Plus audit skill Sub-broker / refer out Outsourced again, another hand-off Partner with Layer 7 Our own CREST and Cyber Scheme qualified testers
Your client relationship Sub-broker / refer out Exposed to whoever you refer to Partner with Layer 7 Stays yours; we never approach them
Branding Sub-broker / refer out You are hidden behind a third-party CB Partner with Layer 7 Co-delivered; we are your named CB partner
Time to offer Sub-broker / refer out Set up broker arrangements Partner with Layer 7 Live as soon as the partnership is signed
Takeaway: sub-brokering adds a margin-thinning middle
step and a relationship risk every time you refer a client out. Partnering with a real
Certification Body removes both: you offer certification directly, keep the client, and the
certificate still comes from a licensed body, because it comes from us.
The deliverable
What your client gets
The same certification outcome as our direct engagements, co-delivered with you.
A certificate from a licensed Certification Body
Valid for the assessment they need for insurance, tenders and supply-chain requirements.
Scoping and readiness support
So the assessment is set up to pass, not to surprise.
For CE Plus, a hands-on technical audit
With clear, risk-rated findings where controls fall short, and practical guidance to close them.
Renewal reminders you own
So the annual re-certification stays your touchpoint with the client, not ours.
A certificate they can share
With auditors, insurers and customers as proof of assurance, issued by us as the licensed body.
The process
How we work with you
A clear, repeatable process, mapped onto the way you already work, so certification runs
inside your workflow from onboarding to renewal.
01
Partner onboarding
We agree the co-delivered way of working, sign our standardised partner NDA and agreement, and set how we hand results and certificates back to you. We map to your existing delivery process at this stage, so engagements run inside your workflow, not around it.
02
Scoping, with you or your client
You bring us the client and the level they need; we agree the certification scope, the boundary, the assets, the level, and give you a clear price to quote on. No surprises later.
03
Assessment
For Cyber Essentials we review the verified self-assessment as the CB. For Cyber Essentials Plus our in-house, qualified testers run the hands-on audit, authenticated scans and a device sample, against the current IASME requirements.
04
Certification and reporting
Where the requirements are met we issue the certificate as the licensed CB; it is issued by us and carries our logo. For CE Plus you also receive clear, risk-rated findings and remediation guidance for anything that needs closing first, to hand to your client.
05
Renewal
Cyber Essentials is annual. We prompt the renewal through you, so the yearly re-certification stays your relationship with the client, and we handle the assessment again when it comes due.
The difference
Why partner with Layer 7
A real Certification Body since 2014
We are IASME-licensed for Cyber Essentials and Cyber Essentials Plus, and have been since the scheme launched. Your client is certified directly by a licensed body, not sub-brokered through a third party and hoped over.
Both levels, in-house
CE and CE Plus from the same partner, including the hands-on CE Plus audit. No second hand-off, no chain of subcontractors.
CREST and Cyber Scheme qualified testers behind the audit
The CE Plus technical audit is delivered by testers who hold individual CREST and Cyber Scheme qualifications, recognised by the NCSC, the same rigour we bring to full penetration tests.
Defence and central-government grade
We deliver security to defence, public-sector and regulated clients, including work for a major UK central government department and MOD-accredited cloud, through G-Cloud 14, DOS 7 and CCS frameworks. The same standard goes into every partner engagement, whatever the client size.
We protect your relationship
Your renewal, your client, your call on branding. We do not approach them directly without your agreement.
A pen testing and managed-security partner too
When a client's CE Plus points to remediation, or ongoing control of the risks, we can support penetration testing and managed security through the same partnership, under your brand.
Cross-pillar
Test, certify and manage
Cyber Essentials rarely stands alone. Passing Cyber Essentials Plus often depends on
remediation that a
penetration test
surfaces first, and staying certified between annual assessments means keeping controls
like the patch window and MFA in place, which is exactly what our
managed security layer does.
Because we test, certify and manage as one partner, you can offer your client the whole
arc, get tested, get certified, stay certified, with your client staying yours. This is
the heart of the
Layer 7 Partner Programme.
Cost & engagement
Partner pricing
Clear, transparent pricing, tailored to you. We do not hide certification behind a
portal or a wholesale list you have to decode.
Pricing depends on the level (CE or CE Plus) and the scope of the client's environment,
and once scope is agreed we quote a clear price per certification with no hidden extras,
so you can quote your client with confidence. We set partner pricing around how you work
and the volume you bring, not a one-size-fits-all rate card.
Are you actually a Cyber Essentials Certification Body?
Yes. We have been an IASME-licensed Cyber Essentials Certification Body since the scheme launched in 2014, for both Cyber Essentials and Cyber Essentials Plus. Your client is certified directly by a licensed body, not sub-brokered through a third party.
Can the certificate carry our branding?
No. A Cyber Essentials certificate is issued by the licensed Certification Body and carries only our logo, it cannot be co-branded or white-labelled. That is what makes it a real, verifiable certification rather than a sub-brokered markup. Everything around it stays yours: the client relationship, the renewal and how you present the service. We work co-delivered, alongside your team.
Who owns the client relationship and the renewal?
You do, always. We assess and certify co-delivered alongside you, and we never approach your client directly without your agreement. We prompt the annual renewal through you, so it stays your touchpoint.
Do you handle both Cyber Essentials and Cyber Essentials Plus?
Yes, both levels in-house. Cyber Essentials is a verified self-assessment we review and certify as the CB; Cyber Essentials Plus adds a hands-on technical audit delivered by our own qualified testers.
Do you sub-broker the certification or certify directly?
We certify directly. We are the licensed Certification Body, so there is no third party in the middle and no extra hand-off, which is what keeps your client relationship clean and your margin intact.
Who carries out the Cyber Essentials Plus audit?
Our own in-house testers, who hold individual CREST and Cyber Scheme qualifications recognised by the NCSC. The technical audit is never offshored or subcontracted.
How does partner pricing work?
Clear, transparent pricing, tailored to you. Once scope and level are agreed we quote a clear price per certification with no hidden extras, so you can quote your client with confidence. No published wholesale list, because we build pricing around your business.
Can you also handle our clients' penetration testing or ongoing security?
Yes. We deliver penetration testing and managed security through the same partnership, so you can test, certify and manage a client with one partner.
Certify your clients through a real Certification Body
Tell us about your clients and the certification they need. We will set up a partnership and
certify them to Cyber Essentials and Cyber Essentials Plus as an IASME Certification Body
since 2014, co-delivered with your team. You keep the client; the certificate comes from us.