The IASME Cyber Essentials scheme is a government-backed way for companies to assess their cyber security infrastructure, with certification being an attractive selling point for potential collaborators/clients. Cyber Essentials certification isn’t a legal requirement, however, it is necessary for several government contracts, public supply areas and educational institutions. Beyond this, it’s good practice to have in place for any business operating in an economy rife with cybercrime.
But when does Cyber Essentials expire and how does the renewal process work? This article will lay out how often you’ll need to recertify your Cyber Essentials checklist and the steps involved in doing so.
When do I need a Cyber Essentials renewal?
Once the IASME issues a Cyber Essentials certification, the title has a shelf life of exactly 12 months. This means you can advertise and use this certification for the next year before you must go through the self-assessment process again. If you’re going for your first certification, it might be worth doing so after taking active steps to enhance your cyber security profile.
What are the Cyber Essentials requirements?
It’s important to note that the Cyber Essentials checklist updates regularly as technology evolves. In some years, the differences might be more profound than others but it’s worth remembering that renewal might not be as simple as enacting a word-for-word repeat of the year’s passing.
In general, the basis of Cyber Essentials certification comes from self-assessing employees, location and work location, focused on five primary control pillars. These controls are:
- User access control
- Secure configuration
- Security update management
- Firewalls & routers
- Malware protection
The need for Cyber Essentials Plus
It’s worth noting that while many businesses can get by with Cyber Essentials certification alone – based entirely on self-assessment, then verified by IASME board members and an independent assessor – larger or more technically-complex organisations might need Cyber Essentials Plus. This certification, only available after the initial assessment has been verified, is powered by a technical audit of IT systems to guarantee cyber security within the businesses devices, internet gateways and servers.
How much does Cyber Essentials certification cost?
It’s worth noting that your yearly Cyber Essentials certification won’t come for free. This means that your renewal will require some budgetary considerations, varying depending on the size of your organization. The table below gives a guide to the costs associated with a typical Cyber Essentials renewal per number of employees.
| Size of organisation | Cost |
| Micro: 0-9 employees | £320 + VAT |
| Small: 10-49 employees | £440 + VAT |
| Medium: 50-249 employees | £500+ VAT |
| Large: 250+ employees | £600+ VAT |
These prices do favour larger business budgets, so it’s important to keep them in mind before getting your first certification or a yearly renewal.
When to renew?
As stated above, each Cyber Essentials certification only lasts 12 months, meaning in theory you should renew your certificate every year. The reality is that it depends on your clientele or the necessity in relation to upcoming projects.
If you’ve been certified in just over the last year or so and maintained standards, it’s unlikely that your cyber security would have slipped to an unacceptable level in an internal sense. However, if you need the title for the sake of projects, negotiations, a specific client or even peace of mind, there’s no use delaying your renewal.
The truth is, there’s never a bad time to enhance cyber security and the Cyber Essentials checklist is a great framework to operate from.
