You have landed on this page because you employ more than 250 people, you may be working with the Crown Commercial Service or bidding for other Government Department contracts and you either wish to apply for Cyber Essentials Certification or you have been instructed by your customer to meet the requirements prior to being awarded a contract.
Scope
As a large organisation your greatest challenge will be scoping your boundary. You can be certified as individual departments/work units/countries if you have a physical boundary to your larger organisations infrastructure. As an easy rule of thumb if the larger infrastructure is infected by ransomware such as Cryptolocker would it infect your work units system. If it would you will need to either add hardware or re-define your scope.
To obtain your certificate you are required to provide evidence, to an accredited certification body, that you meet the Cyber Essentials Requirements. We have made this easy for you by providing a standard questionnaire that asks you the relevant questions, you’ll need to attach some evidence so we’ve provided some guidance notes for you to follow. On completing the questionnaire to the satisfaction of your chosen certification body you will be awarded your Cyber Essentials Certificate.
You can choose your certification body and complete a word doc/pdf here or
If you’d prefer to use an online portal to present your evidence you can choose one here. (the questions are the same)
You may be required to provide further assurance to your customers that you meet the requirements of Cyber Essentials. This is called Cyber Essentials PLUS and involves an audit at your premises, some technical testing as well as the completion of your questionnaire. As this level of assurance needs a site visit costs can vary, so be sure to request quotes from more than one CE+ certification body. All certification bodies test to the same specification and are monitored by ourselves.
If you require assistance you can call on Accredited Cyber Essentials Practitioners to help you implement the requirements. Many already work in large organisations and are familiar with a range of infrastructures.