Client Hub
Client Hub

Cyber Essentials

Cyber Essentials is a UK government-backed scheme that helps protect organisations from cyberattacks and is required for government contracts.

Get in touch

Croft partners with the UK’s leading Cyber Essentials certification provider to guide organisations through achieving Cyber Essentials or Cyber Essentials Plus compliance. We help businesses stay protected in today’s evolving cyber landscape by ensuring secure access, device safety, and employee awareness. 

Croft is dedicated to safeguarding organisations and their employees’ devices. In today’s rapid and ever-changing cyber landscape, our mission is to enable organisations to protect themselves while educating their employees on existing and emerging cyber threats.

Recent and unforeseen events have altered the way we approach cyber security; with remote working rapidly becoming the norm, it has never been more crucial that your staff can access company systems and data securely from any device.

Cyber Essentials and Cyber Essentials Plus are UK government-backed certification schemes designed to help organisations protect themselves against common cyber threats.

By achieving Cyber Essentials, you are demonstrating that your organisation understands and has implemented fundamental cyber security controls.

Not only does it protect your business against cyber threats, but it also shows your customers, suppliers, and stakeholders that your organisation takes cyber security seriously.

Want to protect your business? Talk to one of our Cyber Essentials experts today!

You are currently viewing a placeholder content from HubSpot. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

Unblock content Accept required service and unblock content
More Information

Benefits of Cyber Essentials

Cyber Essentials remove complexity icon img
Remove Complexity

Streamline the certification process to eliminate complexity. We will guide you through the entire journey from start to finish, providing all the guidance and recommendations to ensure you meet the requirements of Cyber Essentials.

Cyber Essentials prepare your business icon img
Prepare Your Organisation

As part of the preparation phase, we utilise our smart agent software and cloud platform to analyse and check the compliance status of all end-user devices, including PCs, Macs, Apple, and Android mobile devices. This preparation will highlight any issues associated with your end-user devices.

Cyber Essentials remediate resolve device issues icon img
Remediate and Resolve Device Issues

We will help remediate any non-compliant devices, including guiding end-users on actions they may need to take to achieve compliance. A detailed report will also be provided, outlining devices that fail due to outdated operating systems and our recommended solutions.

Cyber Essentials self-questionnaire assistance icon img
Assist with Self-assessment Questionnaire

Croft will assist you in completing the online self-assessment questionnaire using our smart digital portal. This intuitive portal captures and saves your progress, provides in-platform guidance, advanced security features, and unlimited support.

Cyber Essentials questionnaire remediation resolution guidance icon img
Questionnaire Remediation and Resolution Guidance

Croft will apply configuration changes and review data to support your Cyber Essentials assessment. The level of remediation depends on your IT environment and may require major updates like new security software. If so, we’ll discuss options with you and provide recommendations and cost details.

Cyber Essentials submit assessment for review icon img
Submit Your Assessment for Review

Once we are satisfied that we can demonstrate the five security controls are in place, we will submit your assessment for review through the smart portal.

Cyber Essentials complete certification icon img
Complete Certification

The certification body will review the assessment questionnaire. If everything meets the standard, you will pass, and the certificate can be downloaded from the portal. If not, the assessor will provide feedback, and we can correct any issues and resubmit the assessment at no extra cost.

Cyber Essentials Certification

The Cyber Essentials certification is based on a self-assessment process. You will be required to complete a structured questionnaire that covers key aspects of your IT environment, including the scope of the assessment, employee roles, devices in use, and work locations.

The Cyber Essentials questionnaire will also evaluate your business’s implementation of the five core controls. Once this is completed, responses are formally approved by a senior executive, such as a board member. Your submission is then reviewed and assessed by an independent assessor.

Cyber Essentials logo

1. Firewall

Use of a Firewall and appropriate controls to secure your internet connection.

2. Secure Configuration

Review endpoint and cloud settings to ensure alignment with best practices.

3. User Access Controls

Assess identity and access management in Microsoft 365.

4. Malware Protection

Evaluate the protection, deployment, and effectiveness across devices.

5. Security Update Management

Identify missing patches and unsupported systems.

Croft’s Cyber Essentials Certification Package Includes:

  • 1 x Cyber Essentials Certification – to be achieved in any 12-month period
  • Unlimited assessment submissions at no extra cost
  • Assessment and Security Portal – secure cloud portal
  • Smart Policies – policy templates for user distribution and agreement
  • Active Protect – review of device configuration and security settings
  • Croft Professional Services – step-by-step certification guidance and assistance
  • Remediation Time – We have included an allocation of time to help remediate failed controls
Find out more

Plus Cyber Insurance with £100k GBP Aggregate Limit

  • Free when you achieve your Cyber Essentials Certificate
  • Cyber insurance is designed to help you with robust coverage in the event of a cyber-attack
  • 24/7/365 AIG response service
  • Security and privacy liability
  • Cyber extortion / Network interruption
  • 48 hour free AIG First Response Service
Find out more

Cyber Essentials Plus Certification

Cyber Essentials Plus builds on the foundations set by the standard Cyber Essentials certification by assessing your existing IT infrastructure. Your business must complete the initial Cyber Essentials self-assessment first before progressing to this level.

Although both certifications are based on the same core security controls, Cyber Essentials Plus provides a higher level of independent compliance assurance. During your technical audit, a qualified assessor will carry out a series of tests to ensure your security controls are in place and working effectively.

This assessment samples user devices, all internet-facing gateways, and any servers that provide services accessible from the internet, giving you a comprehensive evaluation of your cyber security posture.

1. Meet the Requirements of Cyber Essentials

Demonstrate that your organisation has implemented the five technical controls required for Cyber Essentials as set out above.

2. Independent Technical Audit

Unlike the basic Cyber Essentials, Cyber Essentials Plus includes a hands-on technical verification by a qualified assessor.

3. Vulnerability Scanning

Internal and external scans are conducted to identify unpatched software or misconfigurations.

4. Device Testing

Internal and external scans are conducted to identify unpatched software or misconfigurations.

5. Email and Web Browsing Tests

Simulated attacks are used to test defences against phishing and malicious websites.

Croft’s Cyber Essentials Plus Certification Package Includes:

  • 1 x Cyber Essentials (CE) Certification – to be achieved in any 12-month period
  • 1 x Cyber Essentials Plus Certification – to be achieved within 3 months of completing CE
  • Independent assessment by expert auditors
  • In-house vulnerability scanning to ensure all device checks are met
  • Unlimited assessment submissions at no extra cost
  • Assessment and Security Portal – secure cloud portal
  • Smart Policies – policy templates for user distribution and agreement
  • Active Protect – review of device configuration and security settings
  • Croft Professional Services – step-by-step certification guidance and assistance
  • Remediation Time – We have included an allocation of time to help remediate failed controls
Find out more

Plus Cyber Insurance with £250k GBP Aggregate Limit

  • Free when you achieve your Cyber Essentials Certificate. Cyber insurance is designed to help you with robust coverage in the event of a cyber-attack.
  • 24/7/365 AIG response service
  • Security and privacy liability
  • Cyber extortion / Network interruption
  • 48 hour free AIG First Response Service
Find out more

Additional work completed for Cyber Essentials Plus

  • Review all third-party software to check that it is up-to-date on all devices and servers
  • Provide recommendations to remediate out-of-date software and vulnerabilities
  • Remediation of out-of-date software and vulnerabilities using the available remediation time*
  • Review and remove software that is not in use or not required (such as older versions of browsers)
  • Confirm that all software, including Adobe, Java, Chrome, etc., is fully up-to-date on all devices and servers
  • Schedule the 90-minute call with the auditor
  • Install the Qualys agent provided by the auditor
  • Attend 90-minute call with the auditor and the customer key contact
  • Submit the assessment questionnaire to the certification body for review and evaluation
Find out more

Additional Services

Background Image

Fully Managed Internet Security

• Web Content Filtering and Reporting • Web threat protection, block attacks before they enter a system • Fully compatible with any location

Find out more
Background Image

Firewall as a Service

• Provision of Next Gen Firewall • Monitoring and Support • Ongoing management of all firewall services and configuration changes • Onsite support

Find out more
Background Image

Backup and Business Continuity

• Includes Fully Managed Backup & Recovery • Ransomware detection (integrated ransomware scanning) • Instant recovery, local or cloud • Backup verification system

Find out more

Excluded Services

The following services are not included as part of our Cyber Essentials packages:

  • Hardware and software upgrades
  • Any unexpected item not explicitly included in the service description
  • Project work related to the implementation of additional IT systems and software
  • Onsite visits, unless specifically detailed as part of your quotation
  • Additional remediation time above the allocated amount in your quotation

Accreditations

Testimonials

What our clients say

The passion the team at Croft show for their business really shines through – the attention to detail, emphasis on possible savings and clear cloud-based approach is very impressive.

We feel their attitude to what we perceive as issues is very positive with all questions answered openly and without hesitation. We don’t feel that they gives us “sales talk” as their passion and enthusiasm are clear in everything they do.

Croft is providing an innovative approach for us and showing our IT infrastructure undergoing continual progress to keep us up to date in the evolving world of IT and communications.

Aberdeen Foyer

Caroline Swales, Finance Manager

Following from serious IT problems which left us without some critical systems for weeks, it was recommended that we bring in the team at Croft.

The turnaround was superb. Within days we had actionable information enabling us to make the strategic decisions required to restore operations. The comprehensive investigation, insights and reports meant we could resolve our IT issues, exponentially improve our infrastructure and systems and restore critical confidence for our team and our clients.

I described Croft as the “Rolls Royce” of IT – a title well deserved. If you find yourself stuck, these are the people for you.

Hamilton Waste and Recycling Ltd

David Hamilton, Director

After working with several IT support and telecoms partners that continually blamed each other or passed me from pillar to post, I came across Croft. The on-hand support and service are fantastic – I am really looking forward to the completion of the project and the results it will achieve – can’t recommend these guys enough.

Floors Castle the Roxburghe Estate

Jacqui McElhinney, Head of Finance

When we started looking at our renewal, Croft’s approach and knowledge of the market was fantastic.

We were not pressured at any point during the discussions to make a decision straight away. All the information we were provided throughout the consultation was second to none with a great level of detail and options.

When it came to renewing our contract, it was a very easy decision to do so as no other supplier could come close.

Croft has delivered the best value for money and service provided, assisting all areas of the company from support to director level. They have always been a recommendation to anyone else looking for a fantastic and reliable service.

ESPC UK Ltd

William Sneddon, IT Engineer

A massive thank you to the team at Croft who have steered us through complex compliance, upgrades and major improvements to our systems and network.

A great effort and a continuation of the premier service we have come to expect across the full range of services we have been provided (IT, mobiles, landline, consultancy, data et al.) which is critical for any finance business.

I look forward to their continued recommendations, being challenged on the status quo and the push they continue to give us as a business.

Creditas

Cat Bent, Operation Manager

You might also be interested in ...

IT Security Assessment

Find out more

Security Awareness Training

Find out more

Discuss challenges. Get Solutions

Speak to one of our Cyber Essentials specialists about your technology challenges.

Get in touch

You are currently viewing a placeholder content from HubSpot. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

Unblock content Accept required service and unblock content
More Information