Cartoon bee with a shield representing cyber security services. Remote Access Open Support Request

Cyber Essentials Plus Certification

Powered by CyberSmart

Cyber Essentials Plus Certification

Blowfish Technology guides North West businesses through Cyber Essentials Plus – the independently verified, higher-assurance tier of the UK Government’s Cyber Essentials scheme. Demonstrate that your cyber security controls have been tested and confirmed by an accredited assessor.

What CE Plus Adds Over CE

  • Independent technical verification by an accredited assessor
  • Real vulnerability scanning of your systems
  • Authenticated internal scan of devices
  • Higher level of assurance for clients & supply chain
  • Must be completed within 3 months of CE certification
  • Blowfish Technology holds CE Plus accreditation
PlusIndependent technical verification – not just self-assessment
3moMust complete CE Plus within 3 months of CE
NHSRequired for NHS and many public sector contracts
RealActual vulnerability testing – not just a questionnaire

CE vs CE Plus

The Independently Verified Tier of Cyber Essentials

Cyber Essentials is a self-assessment – you complete a questionnaire confirming the five controls are in place, and an assessor reviews your answers. It is a valuable and widely recognised certification, but it relies on your own confirmation of compliance.

Cyber Essentials Plus takes this further. An accredited assessor – like Blowfish Technology – independently verifies that the controls are actually implemented and working correctly, through real technical testing including external vulnerability scanning and authenticated internal device testing.

CE Plus provides a much higher level of assurance to clients, partners and insurers – and is increasingly required by NHS suppliers, defence contractors and major enterprises.

CE vs CE Plus – Side by Side

CE CE Plus
Self-assessment questionnaire
Assessor review of answers
Independent technical verification
External vulnerability scan
Internal device assessment
Free cyber insurance (eligible businesses)

The Process

How Blowfish Gets You CE Plus Certified

We manage the entire process – from initial gap analysis through to final certification – ensuring your business passes first time.

1

Gap Analysis

We assess your current environment against all five controls – identifying gaps before the formal assessment begins so there are no surprises.

2

Remediation

We fix any gaps – patching, configuration changes, MFA deployment, firewall rules and other remediation required to bring your systems into compliance.

3

CE Self-Assessment

We guide you through the Cyber Essentials questionnaire on the CyberSmart platform – ensuring your answers accurately reflect your controls and pass assessor review.

4

Technical Testing

Our accredited assessors carry out external vulnerability scanning of your internet-facing services and an authenticated internal scan of a sample of devices.

5

Certification

On successful completion you receive your CE Plus certificate – valid for 12 months and listed on the NCSC’s public register of certified organisations.

6

Annual Renewal

We manage your annual renewal – keeping your certification current and ensuring your controls continue to meet the latest requirements as the scheme evolves.

Why Blowfish + CyberSmart

CE Plus Certification You Can Trust

We hold Cyber Essentials Plus ourselves – so when we guide you through the process, you’re working with a team that has been through exactly the same assessment and understands the requirements from the inside out.

Get in Touch

We Hold CE Plus Ourselves – We practise what we preach – Blowfish is CE Plus accredited
Full Gap Analysis First – No surprises – we identify and fix gaps before testing begins
Technical Remediation Included – We don’t just assess – we fix the issues we find
CyberSmart Platform – Streamlined, guided certification process
Annual Renewal Managed – We keep your certification current every year
ISO 27001 Accredited – Our security management meets the highest international standards

Frequently Asked Questions

Do I need Cyber Essentials before I can get Cyber Essentials Plus?

Yes. CE Plus must be completed within three months of achieving your CE certification. Blowfish Technology can manage both certifications as a combined process.

What does the technical testing involve?

An external vulnerability scan of your internet-facing services and an authenticated internal scan of a representative sample of devices – checking patches, configurations, malware protection and user access controls.

What if we fail the technical assessment?

Blowfish Technology conducts thorough gap analysis and remediation before submitting – significantly reducing the risk of failure. If issues are identified, we resolve them and retest within the certification window.

Who requires Cyber Essentials Plus?

CE Plus is increasingly required by NHS suppliers, MOD contractors, defence industry suppliers and large enterprises wanting higher assurance from their supply chain. It is also increasingly specified by cyber insurers.

How much does Cyber Essentials Plus cost?

Cost depends on organisation size, number of devices in scope and remediation required. Contact Blowfish Technology for a full quote.

Ready to Achieve Cyber Essentials Plus?

Talk to Blowfish Technology about CE Plus certification for your North West business.

Get in Touch
Back to Cyber Security

Join Our Mailing List


    We never share your data, for more information please read our privacy policy.