Cyber security isn’t something you can claim – it’s something you have to prove. That’s the thinking behind our decision to achieve, and now recertify, Cyber Essentials Plus (CE+), one of the most rigorous cyber security certifications available to UK businesses.

In this post, we’ll walk through what CE+ actually involves, the approach we took to achieve it, and why it matters – not just to us, but to every customer and partner who trusts us with their data.

What is Cyber Essentials Plus?

Cyber Essentials is a UK government-backed scheme that sets out five fundamental technical controls every organisation should have in place: firewalls, secure configuration, access control, malware protection, and patch management.

Cyber Essentials Plus goes a step further. Where the base-level certification relies on self-assessment, CE+ requires an independent, external assessor to technically verify that those controls are actually implemented and working – through hands-on testing, vulnerability scanning, and on-site or remote technical audits.

In short: Cyber Essentials tells you what good practice looks like. Cyber Essentials Plus proves you’re actually doing it.

Our approach to certification

Achieving CE+ isn’t a box-ticking exercise, and we didn’t treat it as one. Our approach centred on three phases:

  1. Assessment and gap analysis Before engaging an assessor, we conducted an internal review of our existing security posture – mapping our systems, devices, and access controls against the five CE+ control themes to identify any gaps.
  2. Remediation and hardening With gaps identified, our IT and security teams got to work: patching and updating systems, tightening firewall rules, reviewing user access and admin privileges, and strengthening endpoint protection across every device in scope.
  3. Independent verification Once we were confident in our controls, an accredited external assessor carried out the CE+ audit – including vulnerability scanning and hands-on testing of our systems – to independently confirm everything held up under scrutiny.

Importantly, this wasn’t a one-off project. Certification requires annual recertification, meaning our controls are re-tested and re-verified every year, not set once and forgotten.

Why it matters – beyond the certificate

It builds real, demonstrable trust

Anyone can say they take security seriously. CE+ gives customers and partners independent, third-party evidence that we do – verified by someone with no stake in the outcome.

It reduces risk across the supply chain

Cyber-attacks increasingly target the weakest link in a supply chain, not just the biggest target. By maintaining CE+, we reduce the risk we introduce to every customer and partner connected to us.

It’s increasingly a commercial requirement

For many public sector contracts and an increasing number of private tenders, Cyber Essentials (and often CE+) is now a baseline requirement to even bid. Maintaining certification keeps us eligible for the partnerships and contracts our customers rely on us for.

It reflects a culture, not just a checklist

Passing CE+ depends on more than firewalls and patches – it depends on everyday behaviour across the whole organisation: strong password hygiene, spotting phishing attempts, and following secure processes even when they’re inconvenient. Recertifying successfully is proof that good security practice is embedded in how we work, not bolted on for an audit.

What this means for you

If you’re a customer, partner, or considering working with us, CE+ recertification is a concrete answer to a question you should always be asking your suppliers: “How do you actually know your security controls work?”

We don’t just tell you. We have it independently verified, every year.

If you need to strengthen your organisation’s cyber security, please contact us today.

Further Insights from Quorum Cyber.

Headquarters

Verdant
2 Redheughs Rigg
Edinburgh
United Kingdom
EH12 9DQ

Colorado, USA Office

950 S Cherry St Ste 505
Denver, Colorado
USA
80246

FLORIDA, USA Office

501 E Kennedy Blvd.
STE 1400
Tampa FL 33602

Ontario, Canada Office

1375 North Service Rd E
Suite 102
Oakville
Ontario L6H 1A7

Arizona, USA Office

1300 S Litchfield Rd
110-L, Goodyear
USA
Arizona 85338

Contact Us
Address

Verdant
2 Redheughs Rigg
Edinburgh
United Kingdom
EH12 9DQ

501 E Kennedy Blvd
STE 1400
Tampa FL 33602

1375 North Service Rd E
Suite 102
Oakville
Ontario L6H 1A7

HEADQUARTERS
Verdant
2 Redheughs Rigg
Edinburgh
United Kingdom
EH12 9DQ



FLORIDA, USA OFFICE
501 E Kennedy Blvd.
STE 1400
Tampa FL 33602


ONTARIO, CANADA OFFICE
1375 North Service Rd E
Suite 102
Oakville
Ontario L6H 1A7


Legal

Privacy Preference Center

Skip to content