A step-by-step cyber security vulnerability analysis & improvement programme to achieve Cyber Essentials PLUS certification.

Cyber Essentials PLUS certification logo

Cyber Essentials PLUS Readiness Programme.

Objective analysis of cyber security controls and processes is essential to understand or review the current state of your cyber security.

Comtact’s Cyber Essentials PLUS Readiness Programme provides an objective analysis of existing security controls to identify the improvements required to achieve Cyber Essentials PLUS certification, in a step-by-step plan.

Health Check icon

Security Health Check & Analysis

Assessment against the 5 technical security controls required for Cyber Essentials PLUS.

Security Report icon

Targeted Improvement Programme

A step-by-step improvement programme to close the gaps in your security.

Cyber Security certification icon

Cyber Essentials PLUS Certification

Verification of your improved security controls, with Cyber Essentials PLUS certification.

About Comtact Ltd.

24/7 Security Operations Centre (SOC)

Comtact Ltd. is a government-approved, ISO27001-accredited Cyber Security and IT Managed Service Provider.

Located at the heart of our Tier 3 data centre in Northampton, UK, our security assessment team will help you expertly navigate the Cyber Essentials PLUS certification process.

Cyber Essentials PLUS assessment

To pass the Cyber Essentials PLUS certification, you must demonstrate the required level of protection against 5 technical security controls - as outlined below. The certification process requires both an internal and external vulnerability scan, plus an on-site assessment to rigorously test against these 5 security controls.

For this reason, Cyber Essentials PLUS certification can be difficult to achieve, but will ensure a comprehensive security framework.

Speech marks

Our customers kept asking us for something more... A comprehensive programme to help reach the requirements of Cyber Essentials PLUS, but tailored to the unique demands of their organisation.

The 5 technical security controls


Secure Configuration

User Access Control

Malware Protection

Patch Management

Ensure that only safe and necessary network services can be accessed from the Internet.

Ensure that computers & network devices are configured to reduce the level of inherent vulnerabilities.

Ensure user accounts are assigned to authorised individuals only, with access to those applications required to perform their role.

Restrict execution of known malware and untrusted software, to prevent harmful code from accessing sensitive data.

Ensure that devices and software are not vulnerable to known security issues for which patches or fixes are available.

Expert Assessment

Improvement Plan

Better Security

Discovery workshop

Vulnerability scan
     (Internal & External)

Detailed report

Gap analysis

Executive-level report

Remediation plan
     (with detailed SOW)

Real benefits

Reduces risks

Recognised award

Step-by-step improvement programme

Cyber Essentials Readiness Service Guide

Baseline assessment against the 5 technical security controls required for Cyber Essentials PLUS.


Recommendations and project plan to close the gaps in your security (in the form of a Statement of Works).


Implementation of the recommendations to comply with Cyber Essentials PLUS.


Re-assessment to confirm remediations have been implemented to meet the required standards.


Cyber Essentials PLUS certification.

What do you get?

  • Detailed assessment against the 5 technical security controls.
    Not a generic, out-of-the-box programme, but tailored assessment & analysis to the unique demands of your organisation.
  • Technical vulnerability scan (internal and external).
    Detailed, risk-graded technical report with remediations - to identify configuration and patching requirements.
  • Gap analysis of the findings.
    An executive-level report on the findings and high-level recommendations.
  • Highly tailored improvement programme.
    Project plan, based on ‘best practice’ and expert insight in the form of a Statement of Works (SOW).
  • Re-assessment vulnerability scan (internal and external)
    To validate the improvements prior to certification.
  • Cyber Essentials PLUS certification


Cyber Essentials Questionnaire Guide


An expert guide to help you answer the Cyber Essentials questionnaire.

Cyber Essentials PLUS Readiness Guide


Read more about our Cyber Essentials PLUS readiness service.

Cyber Essentials PLUS pricing


Request guide prices, or just ask a question!

Advanced Cyber Defence.

Working from Comtact's UK Cyber Defence Centre, our NOC/SOC teams are recognised experts in supporting large IT infrastructures, helping you simplify and solve today and tomorrow’s IT challenges.

Advanced Cyber Defence

24x7 Monitoring & Response

Expert Support

Subscribe and keep your knowledge up to date.


Cyber Essentials vs Cyber Essentials PLUS: What's the difference?

Read more


What is a Vulnerability Scan and does my company need one?

Read more