Get independently verified. Cyber Essentials Plus adds external penetration testing and vulnerability assessment to the standard five controls, giving you and your stakeholders complete confidence in your security posture.
Official IASME certificate + external testing report
Proves controls work in practice, not just on paper
High-risk sectors, large contracts, insurance requirements
Cyber Essentials Plus is the enhanced version of the standard Cyber Essentials scheme. It includes everything in standard Cyber Essentials — the five fundamental controls — plus independent external testing to verify those controls actually work in practice.
While standard Cyber Essentials is self-assessed, Cyber Essentials Plus involves a qualified external assessor who performs vulnerability scanning and limited penetration testing to confirm your security controls are effective against real-world attack scenarios.
| Aspect | Standard CE | CE Plus |
|---|---|---|
| Assessment Type | Self-assessment only | Self + external testing |
| External Testing | None | Vulnerability scan + pen test |
| Cost (Ireland) | €800–€2,000 | €3,000–€8,000 |
| Timeline | 4–8 weeks | 8–12 weeks |
| Validity | 3 years | 3 years |
| Assurance Level | Medium (self-reported) | High (independently verified) |
Note: Costs vary by assessor and organisation size. Contact us for a personalised quote.
Week 1-2
We evaluate your current security posture and scope the external testing.
Week 3-4
Identify gaps and create a practical roadmap to close them.
Week 5-6
Implement controls and external assessor performs vulnerability scanning and penetration testing.
Week 7-8
Address any vulnerabilities identified during external testing.
Week 9-10
External assessor confirms all controls are effective.
Week 11-12
Official IASME certificate issued.
Vulnerability scanning is automated and identifies known weaknesses. Penetration testing is manual and attempts to exploit those vulnerabilities to assess real-world risk. Cyber Essentials Plus includes both.
No. External testing is non-destructive and scheduled during agreed windows. We coordinate with your team to minimise any impact.
Vulnerabilities are documented in a detailed report. You then have time to remediate them, and the external assessor re-tests to confirm fixes. This is a normal part of the process.
Not mandated, but increasingly required by government contracts, large enterprises, and cyber insurance providers. If you're bidding for significant contracts or in a regulated sector, it's worth considering.
Yes. If you're already certified, you can add the external testing component to upgrade to Cyber Essentials Plus.
Typical costs range from €3,000–€8,000 depending on your organisation size and complexity. Contact us for a personalised quote.
Compare with the standard self-assessed Cyber Essentials scheme and decide which is right for your business.
CompareUnderstand how Ireland's CyFUN framework compares to the UK Cyber Essentials scheme.
Compare frameworksBook a free 20-minute assessment call. We'll evaluate your security posture and create a personalised roadmap to Cyber Essentials Plus certification.
No commitment. No hidden fees. Just practical advice tailored to your business.
We use cookies to enhance your experience, analyze site traffic, and serve targeted content. By clicking "Accept All," you consent to our use of cookies. You can manage your preferences in our cookie policy.