top of page

WCRC Head of Cyber and Innovation shares first-hand experience of the Cyber Essentials accreditation

We asked our Head of Cyber and Innovation, Paul Hall to share with us his own, personal experience of going through what it takes to achieve Cyber Essentials. We put to him a series of questions that will help other small business owners who are also interested in the accreditation, to gain a better understanding of the step-by-step process undertaken to achieve Cyber Essentials certification.

And this is what he said…

What is Cyber Essentials and what are the key benefits for a small business?

Cyber Essentials is an effective, government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyberattacks.

Cyberattacks are becoming more common in the business community, and it is important that businesses ensure they give consideration to cyber security in order to protect themselves from becoming a victim and suffering things like financial loss, reputation damage and disruption to business continuity.

Further benefits of having the qualification is that it helps you to reassure your customers that you are working to secure your IT against cyberattacks. Government and local authority contracts, on occasions require Cyber Essentials certification.

There are two different certifications. The first, Cyber Essentials is where businesses assess themselves and then a qualified assessor verifies the information provided. The second is Cyber Essentials Plus and this is when a qualified assessor examines your systems themselves.

Can you talk us through the step-by-step process you went through to achieve Cyber Essentials certification?

The first step is to go to the Cyber Essentials website via the National Cyber Security Centre Partner IASME Consortium Cyber Essentials – ISAME. I then completed the readiness toolkit which is a series of questions that have been developed to lead you through the main parts of the Cyber Essentials requirements. What is great about this is that if there are areas where you need to put more controls in place, you will get a link to guidance about how to make those changes. At the end you will get a list of actions outlining what steps you need to take to prepare for Cyber Essentials and links to specific guidance on those actions.

After completing the readiness toolkit, I downloaded the question set for the accreditation to ensure that I was in a position to answer them. I then made contact with a WCRC Cyber Essentials Partner who set me up on the Cyber Essentials platform in order for me to complete the assessment and submit it to a qualified assessor. The WCRC can assist you in signposting to one of our partners who are accredited assessors.

Were the instructions easy to understand and follow?

The website is easy to navigate and assists you in ensuring your fully prepared before submitting the final assessment.

Would someone with limited cyber knowledge be able to complete the accreditation or would they require assistance? If so, how would they go about doing this?

The majority of the accreditation can be understood by someone with limited cyber knowledge. It is however vital to complete the readiness toolkit first as this will improve your knowledge and help to understand the key principles the business will be assessed on.

Some of the Cyber Essentials self-assessment questions can be difficult to understand if you do not have a technical IT background or have a complex company structure. We work with a number of Cyber Essentials Partners who can assist you in understanding the assessment questions. If you do have an IT provider confer with them as they will also be able to assist you in understanding your operating systems. The WCRC is also there to support you and advise you on what cyber security systems you can put in place which will assist you in gaining the accreditation, so do get in touch.

How long did it take you to complete?

I completed the assessment over a two-week period which included going through the readiness toolkit first but this is dependent on your current workload and demands on you and your business.

When did you receive your CE certification? Was it immediately after completing the training or is there a period in which you wait to hear you’ve received it?

On submitting the assessment, it was returned to me that day notifying me that I was successful in my application.

How affordable is it?

The price of Cyber Essentials is dependent on the size of your organisation. The price starts at £300 + VAT for organisations with under 10 employees and rises to £500 +VAT for large organisations which employ over 250 employees.

The WCRC has teamed up with IASME to deliver a Cyber Essentials introduction webinar on the Thursday 29 June that will provide an in-depth input regarding the scheme and how to obtain the accreditation. Be sure to sign up!


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page