Cyber security is no longer a concern reserved for large enterprises or highly regulated industries. Every organisation that uses email, cloud services or internet connected devices faces the risk of cyber-attack. For many UK businesses, Cyber Essentials is the first and most important step towards building a strong, recognised security baseline.
In this post, we explain what Cyber Essentials is, how it differs from Cyber Essentials Plus, and why Sentinel being Cyber Essentials Plus certified is a real advantage for our customers.
What is Cyber Essentials?
Cyber Essentials is a UK Government backed cyber security scheme designed to help organisations protect themselves against the most common cyber threats. It is supported by the National Cyber Security Centre and focuses on practical, achievable controls that reduce the risk of attacks such as phishing, malware and unauthorised access.
The scheme is built around five core technical controls:
- Firewalls and internet gateways
- Secure configuration of systems and devices
- User access control
- Malware protection
- Patch management and keeping systems up to date
By implementing these controls, organisations can prevent a large percentage of commodity attacks that rely on basic weaknesses or misconfigurations.
For many businesses, Cyber Essentials is also a commercial requirement. It is mandatory for organisations bidding for certain government contracts, and increasingly expected by customers, partners, and insurers as evidence of good cyber hygiene.
Cyber Essentials vs Cyber Essentials Plus
While Cyber Essentials and Cyber Essentials Plus are based on the same technical requirements, the difference lies in the level of assurance.
Cyber Essentials is a self-assessment certification. Your organisation completes a structured questionnaire and confirms that the required controls are in place. The submission is externally reviewed, but there is no hands-on technical testing. It is a valuable starting point, but it relies on accurate interpretation and honest reporting.
Cyber Essentials Plus takes assurance significantly further. In addition to the questionnaire, an independent assessor carries out practical technical testing of your systems. This includes vulnerability scans, checks on user devices and attempts to verify that the required controls are genuinely working in real world conditions.
Because of this, Cyber Essentials Plus is widely recognised as a stronger and more credible certification. It demonstrates not just intent, but proven implementation.
Why Sentinel is Cyber Essentials Plus certified
At Sentinel, we believe that cyber security providers should meet the same standards we recommend to our customers. Achieving Cyber Essentials Plus certification is a clear demonstration that our own systems, processes and expertise stand up to independent scrutiny.
The certification confirms that:
- Our internal infrastructure meets government backed security standards
- Our devices and user access controls are securely configured
- We actively manage patching, malware protection and system hardening
- We can successfully pass external technical verification, not just self assessment
This is not a one off exercise. Cyber Essentials Plus must be renewed annually, which means our controls are regularly tested and kept current as threats and technologies evolve.
What Sentinel’s CE Plus status means for our customers
Choosing a Cyber Essentials Plus certified partner brings tangible benefits.
- First, it builds trust. When we provide guidance, implementation or ongoing support, customers can be confident that our recommendations are rooted in practices we follow ourselves.
- Second, it reduces risk. Whether we are managing infrastructure, providing consultancy or delivering cloud services, our certification demonstrates that security is embedded into how we operate day to day.
- Third, it simplifies compliance. Many customers are working towards Cyber Essentials or Cyber Essentials Plus themselves. Partnering with a certified provider means fewer gaps, clearer accountability and smoother audits.
- Finally, it reinforces our role as a long term security partner. Cyber security is not just about passing a certification. It is about building resilient systems, informed users and a culture of continuous improvement. Cyber Essentials Plus is one piece of that wider commitment.
Cyber Essentials as part of a wider security strategy
It is important to note that Cyber Essentials is a baseline, not a complete security solution. It should be seen as a foundation on which to build additional controls such as advanced threat protection, security monitoring, backups and user awareness training.
Sentinel works with customers to treat Cyber Essentials as a practical starting point, integrating it into a broader, risk led cyber security strategy aligned to the needs of the business.
If you would like to understand how Cyber Essentials or Cyber Essentials Plus could benefit your organisation, or why working with a Cyber Essentials Plus certified partner matters, our team is always happy to talk.