Cyber Essentials

Secure your organisation against a cyber breach with Cyber Essentials. Become certified with MASS to demonstrate your commitment to cyber security.

What is Cyber Essentials?

Cyber Essentials is a way of protecting your business against the increasing and real danger of a cyber attack. It is vital to implement controls that significantly reduce the risk of a cyber attack on your organisation.

The Cyber Essentials scheme is supported by the National Cyber Security Centre (NCSC) and is the minimum cyber security requirement for the entire government supply chain.

It is available to all businesses and on average prevents around 80% of cyber attacks and, if you opt in, can include £25,000 worth of cyber insurance to help you recover from an accidental or deliberate cyber breach. 

The scheme also demonstrates your commitment to building a secure foundation for your IT system and your organisation is dedicated to protecting the data you hold.


How do I become certified?

The National Cyber Security Centre has specifically selected five Accreditation Bodies to oversee Cyber Essentials. The Accreditation Bodies recruit and manage the numerous Certification Bodies, ensuring the standards set by the NCSC are met.

MASS is a Certification Body for IASME, one of the five Accreditation Bodies selected by NCSC. We can support you throughout your certification process.

To begin your certification you will need to:

Cyber Essentials

Cyber Essentials certification is awarded on the basis of an independently verified self-assessment questionnaire.

Organisations assess themselves against the five Cyber Essentials security controls. The questionnaire is then verified by a Certification Body (i.e. MASS) to assess whether an appropriate standard has been achieved, and award the Cyber Essentials certification.

Certification provides:

  • Reassurance to customers, suppliers and stakeholders that cyber security is taken seriously and methods are in place to reduce the threat from cyber-attacks
  • The ability to be considered for government contracts
  • The potential to reduce cyber-insurance premiums.

To begin your certification you will need to:

Cyber Essentials Plus

Once you have achieved the basic Cyber Essentials certification, you may require an upgrade to Cyber Essentials Plus.

This higher level of certification offers additional independent assurance; you can demonstrate that you are complying to more stringent tests of your organisation’s network and computers.

Cyber Essentials Plus offers additional independent assurance that an organisation is complying to Cyber Essentials through both internal and external tests of the organisation’s network and computers. These tests are more stringent than Cyber Essentials Basic.


The NCSC recommends re-certifying annually and from 1 April 2020, certificates will be issued with a 12-month expiry date. For support to re-certify contact us.

Contact us to enquire about Cyber Essentials Plus and help with re-certifying

Cyber Essentials - 5 security controls

Find out more

Your next steps to being digitally secure

If you have any questions about the Cyber Essentials scheme and how you can become certified contact our Cyber team on +44 (0)1480 222600 between 0800-1800 UTC

Contact us