ITB - IT Solutions for the next generation
linkedin logo twitter logo facebook logo google+ logo

Out with the Old – Cyber Essentials is Changing!

Out with the Old – Cyber Essentials is Changing!

Cyber Essentials is changing. The Cyber Essentials Certification has been around now since 2014. Developed by the NCSC to provide a basic framework for businesses to follow so that they can ‘prove’ Cyber Security hygiene, it’s definitely been a ‘step in the right direction’.

Since its inception, over 30’000 certificates have been issued, however, changes are afoot.

Currently, there are two levels, Cyber Essentials and Cyber Essentials Plus and in total there are 5 certification bodies. These are APMG, CREST, IASME, IRM Security and QG.

All of these certification bodies operate in a slightly different way which is the primary reason for the first change.

New Partnership Model

As of March 2020, there will be only 1 certification body or ‘delivery partner’. This will help streamline the certification process and make managing the scheme easier. It also will provide a greater level of consistency across the board and a higher level of customer satisfaction.

The outgoing bodies will still be able to provide Cyber Essentials services, however, how this will look remains to be seen. The NCSC will be working closely with these bodies so that they are aware of what they need to provide.

The new Delivery Partner will work closely with the NCSC who will define a ‘minimum standard of expertise’. Everyone responsible for certifying businesses will need to be compliant with this standard.


Another key change will be the increased collaboration between the new Delivery Partner and the NCSC. Between them, both parties will be introducing at least 6 other changes.

These changes are:

  • Enhanced advisory services to business
  • Improvement in the way the NCSC measure the cybersecurity ‘health’ of UK businesses
  • More proactive feedback on current Cyber Security controls
  • Additional levels of certification
  • Making the certifications easier to understand and more intuitive
  • Using automation to deliver certain services

There may be other areas the NCSC address in the future, but for now, these are the primary ones.


There is currently no expiry date on Cyber Essentials Certificates. The NCSC will work with the new delivery partner to issue certificates with a 12-month expiry date.

It is hoped that this re-certification process will further increase confidence in businesses Cyber Security practices.

You can read the full article from the NCSC here – NCSC Blog – Bare Essential

For more information on the changes contact us on 01865 595510