Cyber Essentials
Certified directly by us. The fastest credible answer to a client security questionnaire, and the baseline insurers increasingly expect.
Your clients trust you with their most sensitive information, and increasingly they check how you protect it before they instruct you. We help law firms, accountants and consultancies meet that bar: Cyber Essentials, Cyber Essentials Plus, and the evidence that clears a security questionnaire in one line. From an IASME Certification Body operating since 2014.
Prefer email? hello@layer7.uk
The single most common trigger is a client. Before a corporate, a public body or a financial institution instructs you, they send a security questionnaire: do you hold Cyber Essentials, Cyber Essentials Plus or ISO 27001, do you enforce multi-factor authentication, do you test your backups, do you train your people, do you have an incident-response plan. Holding the right certification answers most of it in one line, and is often a panel or tender gate.
For law firms there is more. Lexcel requires a documented information-management and security policy and at least annual security training. The SRA expects you to identify, monitor and manage material risks, including cyber, and the NCSC publishes dedicated legal-sector guidance on the threats that hit firms hardest: phishing, business email compromise and ransomware.
And for some, it is now mandatory. From 1 October 2025, firms holding a Criminal Legal Aid contract must hold a valid Cyber Essentials certificate.
For accountants, the professional bodies expect proportionate technical controls under their codes of ethics. Cyber Essentials is the recognised way to evidence that you have them.
Certified directly by us. The fastest credible answer to a client security questionnaire, and the baseline insurers increasingly expect.
Independently audited assurance for firms holding the most sensitive client data, certified directly.
Most breaches in this sector start in email and identity. We harden and watch Entra, Defender and sign-ins.
CREST and Cyber Scheme qualified testing of the systems and applications your clients ask about.
When a client wants more than Cyber Essentials, we map the step up to IASME Cyber Assurance or ISO 27001, proportionately.
You sit in your clients' supply chain. We help you answer their due diligence with evidence, and apply the same scrutiny to your own suppliers.
Most security vendors hand you a long report and an invoice. We prioritise by real risk, sit with your team to close the gaps, and give you the evidence that unblocks client work. As an IASME Certification Body since 2014, with in-house CREST and Cyber Scheme qualified testers, we certify, test and monitor under one roof, so your answers to a client are evidence, not guesswork.
Newcastle is the North East's professional-services and legal hub, with a dense base of law firms, accountancy practices and consultancies serving the wider region. For most of them, Cyber Essentials and Cyber Essentials Plus, rather than full ISO 27001, are the proportionate fit. We are the local certification body that delivers them.
Most often because a client asks. Security questionnaires and supply-chain due diligence now routinely ask whether you hold Cyber Essentials, Cyber Essentials Plus or ISO 27001. Holding the certification clears the questionnaire quickly and is frequently a panel or tender requirement. Insurers increasingly expect it too.
For most firms it is strongly expected rather than legally required. But from 1 October 2025, firms holding a Criminal Legal Aid contract must hold a valid Cyber Essentials certificate.
Lexcel requires a documented information-management and security policy covering your information assets, risk assessment, business continuity and incident response, plus information-security training at least annually. We help you put the technical controls behind the policy.
Cyber Essentials is a verified self-assessment. Cyber Essentials Plus adds an independent, hands-on technical audit of your live systems. Plus is the stronger signal for firms holding sensitive client data.
Yes. The professional bodies expect proportionate technical and organisational controls. Cyber Essentials and Cyber Essentials Plus are the recognised way to evidence them, and to answer client and HMRC-agent expectations.
Yes. We are North East based and certify firms across the region and the wider UK, on site or fully remotely.
Prefer email? hello@layer7.uk