Cyber Essentials FAQ

Wednesday, 27 June 2018

Cyber Essentials  logo


Over the past year we have seen a huge rise in the number of enquiries relating to the Cyber Essentials Certification scheme. Our previous blogs give a good introduction to the scheme and the 5 controls covered by the certification process:


Firewalls, Access Control, Patch Management, Secure Configuration and Malware Protection.


 It’s predicted that CE certification should help avoid around 80% of cyber attacks and certification is increasing being required by suppliers as part of their due diligence around supply chain cyber security.


  • You can perform a search on companies to check they have certification in place here.
  • UK Government Procurement Policy Note which covers Cyber Essentials is here.
  • We are Approved Practitioners of Cyber Essentials so we have been externally assessed and accredited to provide advice, guidance and consultancy in Cyber Essentials. You can find more information on how we can help here.


We have gathered some information on the most FAQs we have come across over the past year:


  • How long will it take to prepare for CE?

The answers do require detail and evidence and you may need some time to ensure you have all the correct policies and procedures in place. In most cases you will need a couple of weeks but sometimes longer.


  • What if we fail?

If you are using any unsupported software you will fail the certification. If you are non- compliant in other areas, you will get feedback and normally the opportunity to re-submit within a short time period. If you don’t manage this, then you will need to reapply but you need to wait 30 days. We are proud to say that all of the customers we have supported through the process have passed first time.


  • How often do we need to renew certification?

A certificate is awarded for 12 months. Organisations can easily lapse from compliance if they don’t keep on top of patch management, device configuration, access controls etc. Our IT support customers have peace of mind that these cyber security requirements are being managed continually. They should have no surprises when they recertify at the end of the year and can satisfy suppliers that cyber security risks are well managed. It is possible that a supplier may request an organisation to recertify before the 12-month period is up if they believe there is a risk that they have lapsed.


  • We have ISO 27001, do we need Cyber Essentials as well?

While the scope of ISO 27001 is much wider than CE it does not explicitly cover all of the CE controls. They are different but complementary certifications. In an ideal world you would have both, but Cyber Essentials is a good place to start.


If you have other questions, why don’t you call us for a no obligation chat about the scheme.


RedMosquito Ltd provide IT Support across Glasgow, Edinburgh and throughout Scotland.


T 0141 348 7950
Glasgow 27 Panorama Business Village, Glasgow. G33 4EN
Edinburgh 8 Albany Street, Edinburgh EH1 3QB


facebook gplus twitter linkedin


Formed in 1999 Red Mosquito provide a complete one-stop technical consultancy service offering managed services IT support, computer maintenance, computer networking and Cloud Services to businesses in Scotland and beyond. We operate as a complete outsourced IT department dealing with all of the day to day administration and configuration of our client's systems.

Based at our Operations Centre in Glasgow and in Edinburgh, we're in the business of providing top quality IT services driven by our passion for technology. Our team of experienced IT support engineers operates throughout Scotland keeping your servers and desktop computers running smoothly so that you can concentrate on what's really important - your business.

We are your IT department.

Case Studies

  • Russel & Aitken

    Founded in Falkirk in 1818 Russel & Aitken is one of the oldest legal firms in Scotland. From the start they have been associated with innovative new technologies and today they continue to maintain a modern and progressive approach to their business.

  • CMS Windows Ltd.

    When Red Mosquito started working with CMS in early 2011 our first task was to fully understand a complex business and the needs of its employees....