Cyber Essentials Certification

Our experts guide you every step of the way, simplifying the process and strengthening your security so you achieve certification with confidence and ease.

Trusted by many brands

The Five Cyber Essential Control

Every Cyber Essentials assessment covers five key areas — Pera Prometheus supports you through each step with clear, straightforward guidance

Firewalls

Control 01

Firewalls

Secure your internet connection with properly configured firewalls that prevent unauthorised access.

Secure Configuration

Control 02

Secure Configuration

Ensure devices and software are set up securely, removing default passwords and unnecessary features.

Security Update Management

Control 03

Security Update Management

Limit user access to what is strictly necessary — protecting your data from insider and external threats.

User Access

Control 04

User Access

Defend against viruses, spyware and ransomware with up-to-date, properly configured malware protection.

Malware Protection

Control 05

Malware Protection

Keep all devices and software up to date. Critical patches must be applied within 14 days of release.

Why Pera Prometheus?

Not every consultancy has stood on the Defence side of the table. Ours have — and that makes all the difference.

Defence-Grade Expertise

Experts in Cyber Essentials and Cyber Essentials Plus, our Lead Assessors have issued over 1000 Cyber Essentials certificates and have carried out more than 600 Cyber Essentials Plus audits

Clear, Jargon-Free Guidance

We communicate technical requirements in plain, everyday language. Clients consistently tell us we make what could be a stressful process feel straightforward and well managed.

We're CE+ Certified Ourselves

We are Cyber Essentials and Cyber Essentials Plus accredited meaning we guide you based on real-world experience and what we’ve successfully implemented ourselves

Supply Chain Specialists

Working in the MOD supply chain brings bespoke requirements. We understand the nuances of DEFCON, FSC, DCC and how Cyber Essentials fits into that broader compliance picture.

Ongoing Partnership

Working in the MOD supply chain brings bespoke requirements. We understand the nuances of DEFCON, FSC, DCC and how Cyber Essentials fits into that broader compliance picture.

FAQ with Amy Osborne

Frequently Asked Questions

Is Cyber Essentials mandatory for MOD contracts?

Yes, Cyber Essentials is mandatory for all Ministry of Defence (MOD) and Government contracts that involve handling sensitive information or connecting to MOD systems. Many defence-related contracts will specify Cyber Essentials or Cyber Essentials Plus as a condition to demonstrate that appropriate cyber security controls are in place.

How long does the certification process take?

The Cyber Essentials certification process typically takes between a few days and a few weeks, depending on your organisation’s readiness and how quickly any required improvements can be made. Cyber Essentials Plus may take longer due to the additional verification and testing involved.

We're a small business — is Cyber Essentials right for us?

Absolutely. Cyber Essentials is designed for organisations of all sizes, and smaller businesses are often the most vulnerable to common cyber threats. The scheme is cost-effective and the Pera Prometheus team specialise in making the process accessible regardless of your IT resource or security knowledge.

What's the difference between CE and CE+?

Cyber Essentials (CE) is a self-assessed certification that demonstrates your organisation has implemented key cyber security controls to protect against common threats. Cyber Essentials Plus (CE+) includes everything in CE, but goes a step further with independent technical testing to verify that those controls are working effectively in practice, providing a higher level of assurance.

Do remote / home workers affect the scope?

Yes — devices used by remote workers to access company data or systems are in scope. ISP-provided home broadband equipment is out of scope, but you’ll need to confirm the use of software firewalls and/or a corporate VPN. We’ll help you define your scope clearly from the outset.

How often does certification need to be renewed?

Cyber Essentials must be renewed annually. We offer managed annual renewal programmes to make this seamless — keeping you certified year-round with minimal disruption to your business.

What if we fail the assessment?

With our Supported option, we work closely with you throughout the process, providing guidance and support until you meet all Cyber Essentials requirements and achieve certification. With our Unsupported option, you will receive assessor feedback after your initial submission and will need to apply this guidance when updating and resubmitting your answers. You will then have one additional attempt to achieve compliance; if requirements are still not met, the assessment will need to be restarted as a new submission.

Can you help if we already have ISO 27001?

Yes – if you already hold ISO 27001, we can support you in achieving Cyber Essentials. While the two standards are different, they complement each other well: ISO 27001 focuses on policies and information security management systems, whereas Cyber Essentials assesses the technical security of your IT infrastructure and core cyber protections