Frequently Asked Questions

Government Contract Requirements

Cyber Essentials is a UK government-backed certification that ensures businesses have basic cybersecurity measures in place. It is mandatory for organizations bidding on government contracts involving sensitive data.

Cyber Essentials is a self-assessment certification, while Cyber Essentials Plus involves an independent assessment by a qualified auditor to verify your security measures.

Not all contracts require it, but most involving sensitive or personal data mandate Cyber Essentials certification as a minimum requirement.

Yes, Cyber Essentials supports GDPR compliance by ensuring robust data protection measures are in place.

Depending on the type of bid, a bid submitted without certification may be disqualified or rejected for failing to meet the mandatory cybersecurity requirements.

Yes, even small businesses must have Cyber Essentials certification if the contract specifies it as a requirement.

It ensures your organization has basic security measures like firewalls, secure configurations, and malware protection to prevent common cyberattacks.

While it is UK-specific, Cyber Essentials demonstrates a commitment to cybersecurity, which can enhance your credibility internationally.

Yes, Cyber Essentials certification is valid for one year and must be renewed annually to remain compliant.

Contracts involving highly sensitive data may require Cyber Essentials Plus, ISO 27001, or SOC 2 certifications.

Certification Process

You can begin by contacting InfoFortify for a free internal audit to assess your readiness and guide you through the certification steps.

You’ll need details about your IT infrastructure, security policies, and evidence of implemented security controls.

The process typically takes 14 days to 1 month, depending on your organization’s preparedness.

ISO 27001 certification can take 6-12 months, depending on the size and complexity of your organization.

Yes, InfoFortify specializes in both certifications, offering tailored consultancy services to meet your needs.

InfoFortify will provide a detailed report of the gaps and guide you in addressing them for a successful reassessment.

Not necessarily. InfoFortify can work with your existing team or provide external support to achieve certification.

No, Cyber Essentials is a prerequisite for Cyber Essentials Plus certification.

InfoFortify uses tools like Nessus and Qualys for vulnerability assessments and Excel for audit tracking and reporting.

InfoFortify can conduct a gap analysis, develop policies, and provide a roadmap to ensure your organization meets all ISO 27001 requirements.

Cost and Investment

The cost depends on your organization’s size and complexity. InfoFortify offers consultancy services starting from £500 per day.

Yes, Cyber Essentials Plus involves an independent audit, which incurs additional costs based on the scope of the assessment.

Yes, InfoFortify can discuss flexible payment terms to accommodate your budget and financial goals.

Certifications like Cyber Essentials enhance your credibility, improve security, and open opportunities for government contracts, providing significant ROI.

InfoFortify offers competitive pricing and may provide discounts for small businesses or startups.

The cost varies based on your organization’s size, but InfoFortify can provide a detailed quote after an initial consultation.

Internal audits may be included as part of the consultancy package or charged separately based on the scope of work.

No, InfoFortify ensures transparency in pricing and provides a detailed breakdown of all costs upfront.

Yes, InfoFortify can offer a free basic internal audit to assess your organization’s readiness and provide recommendations.

The cost of certification is significantly lower than the financial and reputational damage caused by data breaches or regulatory fines.
