Cost Effective Certification
Affordable, scalable packages designed to fit your business
Certified Assessors
Certified Asessors
Full support and guidance throughout the certification process with our team
Cyber Insurance
Cyber Essentials certification includes automatic cyber liability insurance for any UK organisation who certifies their whole organisation
Grow Your Business
Cyber Essentials shows you take IT Security seriously which can help win new clients
Cyber Essentials
At ONSec, we don’t just process your Cyber Essentials application we partner with you to make sure you’re ready to pass with confidence. Our IASME-accredited assessors bring deep knowledge of the certification process and a practical, hands-on approach that ensures no guesswork and no unnecessary resubmissions.
Before we begin the formal assessment, we’ll review your current setup, help you identify any gaps, and guide you through the required improvements. If you're not quite there yet, we hold off on submitting until you're ready, giving you the best chance of first time success.
Cyber Essentials focuses on five key technical controls that defend against the most common and preventable cyber threats. .
Firewalls and Routers
As part of your Cyber Essentials assessment, we’ll verify that firewalls are in place to protect your network from unauthorised access. We don’t just check for their presence—we ensure they’re properly configured, securely managed, and kept up to date with the latest security patches to defend against known threats.
Secure Configuration
A crucial part of the assessment is ensuring you have a clear process for regularly reviewing and updating the security settings across your software, devices, and systems.
This includes enforcing strong password policies, managing credentials securely, and implementing multi-factor authentication (MFA) where appropriate. These controls are essential to reducing the risk of unauthorised access and ensuring your defences evolve alongside emerging threats.
Access Control
As part of the assessment, we’ll review how your organisation manages user access to systems and sensitive data. This includes checking that you have a defined process for granting and revoking access, regularly reviewing permissions, and ensuring that users only have access to what they need. We’ll also assess how you monitor user activity to detect suspicious behaviour—an essential step in preventing insider threats and unauthorised access.
Malware Protection
In this part of the assessment, we’ll evaluate whether your organisation routinely installs security updates across all operating systems and software. We'll look at your process for testing and deploying patches, as well as how you track, prioritise, and address known vulnerabilities. Timely patching is one of the most effective defences against exploitation, and a structured update process is key to maintaining a secure environment.
Update Management
During this stage of the assessment, we’ll examine whether your organisation consistently applies security updates to all operating systems and software in use. We'll assess your procedures for testing and deploying updates safely, as well as how you identify, track, and remediate vulnerabilities. A proactive patch management strategy is essential to protect against emerging threats and reduce your exposure to known exploits.
Cyber Essentials Plus
Cyber Essentials Plus builds on the foundation of Cyber Essentials by adding a hands-on technical audit of your IT systems. While the standard Cyber Essentials certification is based on a verified self-assessment, Cyber Essentials Plus offers a higher level of assurance through independent testing.
Although both certifications are based on the same five technical controls, Cyber Essentials Plus validates that those controls are not only documented but effectively implemented across your infrastructure.
