Cyber Essentials is a UK government-backed certification designed to help organisations protect against the most common internet-based attacks and demonstrate a baseline level of cyber hygiene. It’s widely used in supply chains, and many organisations require it as part of procurement and contract eligibility.

Surreytech Group helps you achieve Cyber Essentials through a structured readiness and remediation approach—clarifying scope, aligning controls, and supporting evidence where required—so certification becomes predictable and repeatable rather than a last-minute scramble. (Certification is awarded by an accredited Certification Body; we support you through preparation.)

• Cybersecurity strategy and programme delivery
• Risk assessments, control design, and remediation planning
• Incident readiness and response improvement
• Security architecture and secure cloud adoption support
• Security awareness and operational uplift

Cyber Essentials focuses on five technical control themes (the scheme’s core requirements) and expects organisations to meet all requirements for the scope they choose.

The five control themes

• Firewalls & routers (secure boundary)
• Secure configuration (hardened devices and services)
• Security update management (patching)
• User access control (least privilege)
• Malware protection (anti-malware and controls)

Scope is one of the most common points of failure. The Cyber Essentials requirements expect you to establish the boundary of scope, determine what’s in scope, then ensure every requirement is met for that scope.
We help you define scope clearly (whole organisation vs a segregated sub-set), document it in a way that aligns to scheme expectations, and avoid creating accidental gaps that cause delays.

We make certification straightforward with a practical delivery approach:

The five control themes

• Readiness review: confirm scope, identify gaps against the five controls
• Remediation plan: prioritised actions with owners and quick wins
• Implementation support: policies/standards, configuration guidance, operational practices
• Questionnaire & evidence support: strengthen responses and compile evidence if requested by the Certification Body (some applicants are required to supply evidence)

• Cyber Essentials scope definition + asset/service inventory guidance
• Gap assessment mapped to the five control themes
• Prioritised remediation plan (risk + effort based)
• Evidence pack support (where applicable)
• Pre-submission validation checklist

• Scope not defined clearly (or inconsistent with reality)
• Patch/update policies exist but aren’t consistently applied
• Admin privileges too broad / no clear access control approach
• Unmanaged devices or “shadow IT” in scope
• Inconsistent secure configuration across endpoints and cloud services

If you’re aiming for Cyber Essentials Plus as well, we recommend planning for Plus early—because Plus includes independent technical verification and sampling that can reveal hidden gaps

Contact Us