Cyber Essentials

Secure your organisation against a cyber breach with Cyber Essentials. Become certified with MASS to demonstrate your commitment to cyber security.

What is Cyber Essentials?

The Cyber Essentials scheme was introduced in June 2014 following government concern that organisations were generally not doing enough to protect themselves against low level, low sophistication internet based cyber attacks.

The controls are based around research which demonstrated that the majority of breaches happen because organisations have a weakness in one or more of 5 key areas. Those 5 areas form the basis of the Cyber Essentials scheme controls. Following a review of the delivery of the scheme, IASME was awarded Cyber Essentials Partner status with effect from 01 April 2020.

The scheme

The Cyber Essentials scheme is a way of protecting your business against the increasing and real danger of a cyber attack and is supported by the National Cyber Security Centre (NCSC). It is the minimum cyber security requirement for the entire government and other industry supply chains  and is also vital to implement controls that significantly reduce the risk of a cyber attack on your organisation.

It is available to all businesses and, if you opt in, can include £25,000 worth of cyber insurance to help you recover from an accidental or deliberate cyber breach. 

The scheme also demonstrates your commitment to building a secure foundation for your IT system and your organisation is dedicated to protecting the data you hold.

If you have any questions about Cyber Essentials contact our cyber team for more information.

How do I become certified?

As of 1st April 2020, the IASME Consortium (IASME) has been selected as the National Cyber Security Centre’s (NCSC’s) Cyber Essentials Partner for the delivery of the Cyber Essentials Scheme. IASME recruit and manage the numerous Certification Bodies, ensuring the standards set by the NCSC are met.

MASS is a Certification Body for IASME, and will support you throughout your certification process.

To begin your certification you will need to email, our cyber team will send you a simple form to complete to begin your ceritification.

Cyber Essentials

Cyber Essentials certification is awarded on the basis of an independently verified self-assessment questionnaire.

Organisations assess themselves against the five Cyber Essentials security controls. The questionnaire is then verified by a Certification Body (i.e. MASS) to assess whether an appropriate standard has been achieved, and award the Cyber Essentials certification.

Certification provides:

  • Reassurance to customers, suppliers and stakeholders that cyber security is taken seriously and methods are in place to reduce the threat from cyber-attacks
  • The ability to be considered for government contracts
  • The potential to reduce cyber-insurance premiums.

To begin your certification you will need to email, our cyber team will send you a simple form to complete to begin your ceritification.

Cyber Essentials Plus

Once you have achieved the basic Cyber Essentials certification, you may require an upgrade to Cyber Essentials Plus.

This higher level of certification offers additional independent assurance; you can demonstrate that you are complying to more stringent tests of your organisation’s network and computers.

Cyber Essentials Plus offers additional independent assurance that an organisation is complying to Cyber Essentials through both internal and external tests of the organisation’s network and computers. These tests are more stringent than Cyber Essentials self assessment.


The NCSC recommends re-certifying annually and from 1 April 2020, certificates will be issued with a 12-month expiry date. For support to re-certify contact our cyber team


Redefining Cyber Essentials Certification

The current changing working environment has put increasing pressure on companies to protect their organisations from cyber threats, so it has never been more important to ensure your business is digitally secure. With the majority of workforces working remotely, networks are now more vulnerable than ever before.

Adapting to these unprecedented times MASS has redefined how we conduct Cyber Essentials Plus (CE+) assessments. CE+ is a higher level of certification offering additional independent assurance, which can demonstrate that companies are complying to a set of rigorous tests of your organisation’s IT infrastructure.

The certification would usually require an approved assessor to conduct an onsite visit of your premises and work alongside your team to conduct the assessment.  We are proud to have adapted our processes which have enabled us to conduct the assessments remotely via consultation from our Cyber team. For more information contact our team: or

Cyber Essentials - 5 security controls

Find out more

Your next steps to being digitally secure

If you have any questions about the Cyber Essentials scheme and how you can become certified contact our Cyber team on +44 (0)1480 222600 between 0800-1800 UTC

Contact us