If you have not passed your initial assessment
If your Cyber Essentials certification application fails or you fail the external vulnerability scan or internal testing as part of the Cyber Essentials Plus certification, there will be additional fees charged for any retests required.
If you receive a ‘fail’ notification for your first submission of the Cyber Essentials assessment for a Cyber Essentials certification you will have two working days to resolve any issues and resubmit for further review without any further cost.
If any tests that form the Cyber Essentials Plus technical audit need repeating, the below fees will apply. Fees charged differ depending whether repeat testing is completed within one month of a ‘fail’ notification, or longer.
What can you do if you do not complete all the required changes to the Cyber Essentials assessment within the required two days of receiving a ‘fail notification’?
You will receive a ‘fail’ and will have to apply for recertification which will be billed for the full certification cost. The costs of repeat tests, assessments and recertification are outlined below.
What can you do if you do not repeat your assessment within the required one month period?
You will be awarded an overall fail and may have your Cyber Essentials certification revoked. If your Cyber Essentials Certification is revoked, you will have to apply for recertification which will be billed for the full certification cost.
The costs of repeat tests, assessments and recertification are outlined below.
Additional costs are applied in the form of consultant travel time and expenses for on-site visits to locations inside or outside of mainland UK.
If the application process is repeated within one month of a ‘fail’ notification
Cyber Essentials
*In the event of a failed test, all IP addresses within the scope will need to be scanned again, as the tests provide a snapshot of security practices, and all IP addresses are required to pass at the same time.
Cyber Essentials Plus internal assessment
- Cost of internal scan/onsite retest £1,250
- Cost of remote retest, only available within certain parameters: £200 per hour
Cyber Essentials Plus external assessment
*In the event of a failed test, all IP addresses within the scope will need to be scanned again, as the tests provide a snapshot of security practices, and all IP addresses are required to pass at the same time.
If the Cyber Essentials Plus application process is repeated after one month
If the application process is repeated after one month of a ‘fail’ notification, please contact us to discuss the options available.
Cyber Essentials Plus
Please note: The above costs are based on a fixed scope as outlined in the product descriptions for Cyber Essentials Plus. Any deviation from this scope will incur additional expenses and can be discussed in advance.
If your external vulnerability scans have delivered a ‘fail’ result, you can purchase repeat scans here.