It wins work
Cyber Essentials is mandatory for many UK government and MoD contracts, and it turns up more and more in private-sector tenders and supply-chain checks.
A certification body since the scheme launched
Cyber Essentials and Cyber Essentials Plus
Cyber Essentials proves you have the controls that stop the most common attacks. We don't just hand you a certificate. We find the gaps, help you close them, then certify what's real. Layer 7 has been an IASME-licensed Certification Body since the scheme launched in 2014: one of the longest-standing in the UK.
The standard
What Cyber Essentials proves
A UK government-backed scheme, created by the NCSC and run through the IASME Consortium. It shows you have the fundamentals in place against the attacks that account for most breaches.
-
Firewalls
Secure the boundary between your network and the internet.
-
Secure configuration
Strip out default passwords and anything you do not need.
-
Security update management
Keep systems supported and patched.
-
User access control
People get only the access they need. Admin rights stay tight.
-
Malware protection
Defend every device against malicious software.
Cyber Essentials covers five technical controls: firewalls, secure configuration, security update management, user access control, and malware protection. Certification lasts 12 months.
The difference
Two levels. One assessor.
Same five controls. What changes at Plus is how they are proven, and both levels run through Layer 7.
| Aspect | Cyber Essentials | Cyber Essentials Plus |
|---|---|---|
| What it is | A verified self-assessment | The same controls, proven by a hands-on audit |
| How it's checked | We review your submission | We test a sample of your systems ourselves |
| The result | A declaration we certify | Tested, evidenced compliance |
| Best for | First certification, lighter-touch supply chains | Government and MoD contracts, higher assurance, tenders that require it |
| Valid for | 12 months | 12 months |
We are the licensed assessor, so your Cyber Essentials Plus audit stays under one roof. See the CE Plus audit in detail →
The case
Why it matters to your business
It comes with cover
UK-domiciled organisations that certify at the base level, under the scheme's turnover threshold, are included in the scheme's cyber liability insurance.
It cuts your risk
The five controls shut down the opportunistic attacks that do most of the damage.
It earns trust
A recognised, NCSC-backed mark that procurement teams understand on sight.
The partner
Why certify with
Most providers do one part. We do the whole lifecycle. Some firms get you ready, then hand you to a separate assessor. Others issue the certificate and leave the fixing to you. We secure, assure and manage, under one roof.
Secure
We find the gaps in the five controls and help you close them. No gap between the report and the reality.
Assure
We are the licensed assessor. We run your audit and issue your certificate. No separate vendor in the chain.
Manage
We track your renewal and keep you certified, year after year.
A Certification Body since 2014: one of the longest-standing in the UK. Government-grade rigour, made practical for growing businesses.
The process
How it works
Four steps, one assessor from start to finish. Cyber Essentials Plus adds an independent technical audit of a sample of your systems, run by a Layer 7 assessor after your base certification.
Start your certification-
Scope and quote
We confirm what is in scope and give you a fixed price.
-
Assess
You complete the IASME question set. We guide you through anything unclear.
-
Certify
Our assessors review, and we issue your certificate.
-
Renew
We remind you before your certificate expires and keep you covered.
Across the lifecycle
Beyond the baseline
Cyber Essentials is the floor, not the ceiling. When you're ready to go further, we take you there. One firm, across the lifecycle.
Pricing
Priced by the scheme, fixed up front
Cyber Essentials is priced by organisation size, as set by the scheme. You see the price before you commit, with no hourly surprises.
Request a fixed-price quote- Micro £320 +VAT
- Small £440 +VAT
- Medium £500 +VAT
- Large £600 +VAT
Banded by organisation size, as defined by the scheme.
Questions
Cyber Essentials FAQs
Is Layer 7 an official Certification Body?
Yes. Layer 7 has been an IASME-licensed Certification Body since the scheme launched in 2014, and is listed in the official Find a Certification Body directory.
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a verified self-assessment against five controls. Cyber Essentials Plus covers the same controls, then proves them with a hands-on audit by a licensed assessor.
How long does certification take?
Once your systems meet the five controls, the base assessment can be completed in days. Cyber Essentials Plus takes longer because it needs a scheduled, hands-on audit.
How much does Cyber Essentials cost?
The base level is priced by organisation size, as set by the scheme. Cyber Essentials Plus is quoted on your environment. Ask us for a fixed price.
How long is the certificate valid?
Twelve months. You re-certify annually to keep your certification current.
Is Cyber Essentials mandatory?
It is required for many UK government and MoD contracts, and increasingly in commercial supply chains. For everyone else it is voluntary, and strongly recommended.
Do I get cyber insurance with it?
UK-domiciled organisations that certify at the base level, under the scheme's turnover threshold, are included in the scheme's cyber liability insurance. Ask us whether you qualify.
Can Layer 7 certify organisations outside the North East?
Yes. We are North East based and deliver Cyber Essentials and Cyber Essentials Plus across the whole of the UK.
Get certified by the assessor, not the middleman
No readiness handoff. No outsourced audit. Just certification from a Certification Body that has done this since the scheme began in 2014.