Whether you choose Cyber Essentials or Cyber Essentials Plus, you need to appoint a Certifying Body to carry out the assessment. All CREST Certifying Bodies (CBs) use the CREST Questionnaire and you can download a copy here, to give you a feel for what the Standard: CREST Cyber Essentials Questionnaire v3.2
. CREST has no influence over the cost which is driven by the market and will depend on the size of the organisation and the scope of the assessment. You will need to carry out your normal tender process and select the most appropriate supplier for you. All CREST CBs certify against set criteria so you will not have to compare the content of service provision. You will find a list of our Certifying Bodies here
There are a number of suppliers that you could select but you will get the best value by appointing one who is accredited and will use qualified consultants: it is the combination of these features that will provide you with the greatest assurance and confidence that an effective assessment has been performed in the most professional manner. CREST is a not-for-profit accreditation and certification body whose role is to create and maintain high standards within the cyber security sector and to drive a consistency of quality across its member organisations to offer assurance to the buying community. Any organisation procuring Cyber Essentials services can rest assured that CREST Cyber Essentials Certifying Bodies have:
Demonstrated appropriate levels of quality assurance processes, security controls, security assessment methodologies and met additional qualification criteria;
Proven access to technically competent and appropriately qualified staff;
Committed to abiding by the requirements for Certification Bodies for Cyber Essentials;
Signed an enforceable CREST Code of Conduct.
The list of the CREST Approved Cyber Essentials Certifying Bodies also gives information on their primary office locations to help you select the right one for you.
There is useful preparation advice in the following document regarding the Cyber Essentials requirements for your IT Infrastructure.
Requirements For It Infrastructure (PDF)