Cyber Essentials Online: Frequently Asked Questions
Common questions about completing Cyber Essentials certification online with Fig Group.
Yes. Fig Group delivers the full Cyber Essentials process through an online platform. You order online, complete the self-assessment questionnaire online, receive feedback online, and receive your certificate digitally. No paperwork, no phone calls, no email chains.
Fig Group guarantees Cyber Essentials certification within 6 hours of submission for compliant orders placed before midday. The online platform is what makes this possible - by removing email and manual handoffs, the process runs in hours rather than days.
No. The Cyber Essentials questionnaire runs entirely in the browser on any modern device. You do not need to download anything, install plugins, or configure software. A laptop or desktop with internet access is all that is required.
Yes. The certificate is the same NCSC-backed document issued by every IASME-licensed certification body. It appears on the same public register, is valid for the same 12 months, and is recognised identically by government, insurers, and supply chain partners.
Cyber Essentials from Fig Group starts at £314.99 + VAT for micro organisations and ranges up to £649 + VAT for large organisations. Cyber Essentials Plus starts at £1,499 + VAT. The online delivery does not cost more - it actually costs less than many traditional bodies charge for the same certificate.
Most of Cyber Essentials Plus is conducted online, including order management, scheduling, and results delivery. The external technical audit component is typically performed remotely via screen sharing and remote scanning tools. The process is largely digital, but the Plus audit itself takes 1 to 3 working days rather than 6 hours.
Cyber Essentials is a UK government-backed certification scheme developed by IASME (the Information Security Accreditation Membership Body). It validates that your organisation has implemented essential cyber hygiene controls based on the NCSC (National Cyber Security Centre) guidelines. The certification demonstrates your commitment to cybersecurity best practices and helps protect against common cyber attacks.
Cyber Essentials is the self-assessed certification level covering 5 core control categories. CE Plus adds an independent, third-party verification layer: a qualified assessor conducts a technical audit of your systems, including vulnerability scanning and verification that controls are implemented correctly. CE Plus is more rigorous and carries greater credibility with customers, insurers, and partners.
Any organisation can benefit from CE certification. It's particularly valuable if you: are a contractor bidding for government contracts or critical infrastructure tenders, work with sensitive data, want to demonstrate cyber controls to customers or insurers, or need compliance evidence for frameworks like NIS2 or ISO 27001.
Cyber Essentials certification is valid for one year from the date of assessment. You'll need to re-certify annually.
Cyber Essentials starts from £314.99 + VAT for micro organisations (1-9 staff) and ranges up to £649 + VAT for large organisations (250+ staff). Cyber Essentials Plus starts from £1,499 + VAT and includes a third-party technical audit. All Fig Group pricing is fully transparent with no hidden fees.
Under Procurement Policy Note 014/21, UK central government contracts that involve handling sensitive or personal information may require Cyber Essentials certification. The specific requirement depends on the contract and the data involved. Many private-sector organisations also expect it from suppliers. If you need certification quickly to meet a tender deadline, Fig Group offers same-day certification for orders placed before midday.
Under the v3.3 update, multi-factor authentication (MFA) becomes mandatory for all user accounts that access organisational data or services. This applies to assessment accounts created from 28 April 2026 onwards. It covers cloud platforms, remote access, email, and administrative accounts. Existing certifications assessed before this date are not retrospectively affected.
If your assessment identifies gaps in your controls, you will receive clear feedback on exactly what needs to be remediated. Fig Group provides structured feedback up to three times on your submission. You can then make the necessary changes and resubmit without delay. Most organisations that prepare using our readiness checker pass on their first attempt.
Cyber Essentials covers five core control categories that map directly to a subset of ISO 27001 Annex A controls, including access control, patch management, secure configuration, and malware protection. Achieving Cyber Essentials gives you a head start on ISO 27001.