Cyber Essentials certification.
Done properly.

Consider IT is an IASME-accredited certification body based in Edinburgh. We guide Scottish businesses through Cyber Essentials and Cyber Essentials Plus, clearly, efficiently, and without the jargon.

Get your quote

Most businesses need Cyber Essentials.
Few know where to start.

Cyber Essentials is a UK government-backed certification scheme designed to protect organisations against the most common cyber attacks. It establishes a baseline of security controls that every business should have in place, from firewalls and secure configuration to access control and malware protection. For any organisation handling sensitive data or bidding for public sector work, it is rapidly moving from "nice to have" to non-negotiable.

Since 2014, Cyber Essentials has been mandatory for UK government contracts involving sensitive and personal information. Today, many Scottish public bodies and private sector organisations require it from all suppliers. The question for most businesses in Scotland is no longer whether they need it, but how to go about getting it without wasting time or money on the wrong provider.

That is where we come in. Based in Edinburgh and working with organisations across Scotland and beyond, Consider IT has helped hundreds of businesses achieve Cyber Essentials certification. We take the complexity out of the process and give you a clear path from enquiry to certified, with honest pricing, real expertise, and none of the ambiguity that makes certification feel harder than it needs to be.

Two levels of certification

Cyber Essentials certification badge

Cyber Essentials

The foundational level. Your organisation completes a self-assessment questionnaire covering the five key technical controls. A licensed assessor (in this case, us) reviews your answers, verifies them against the IASME standard, and issues your certificate. It is straightforward, and for many organisations it is all that is needed to satisfy contract requirements and demonstrate due diligence to clients.

Cyber Essentials Plus certification badge

Cyber Essentials Plus

Everything in the basic certification, plus a hands-on technical audit. Our assessors test your systems directly, checking vulnerability to malware, verifying patch levels, testing access controls in practice rather than on paper. Cyber Essentials Plus provides a higher level of assurance and is increasingly expected by larger organisations and those in regulated sectors. If you handle significant volumes of personal data or work with government, this is often the right choice.

Not sure which level you need? We will advise you, no obligation.

Edinburgh-based. Nationally accredited.

Consider IT is not a certification mill. We are a full-service IT security practice based at Waterview House in Edinburgh, with over a decade of experience supporting Scottish businesses. Cyber Essentials certification is one part of what we do, alongside penetration testing, vulnerability assessment, compliance, and managed IT services. That breadth means we understand your security posture in context, not just against a checklist.

As an IASME-accredited certification body, we are licensed to assess and certify organisations for both Cyber Essentials and Cyber Essentials Plus. We have guided organisations of every size through the process, from five-person start-ups to large public sector bodies. Our approach is straightforward: we explain what is needed in plain language, we provide a fixed price, and we get you certified without unnecessary delays.

We are also the people you can call after certification. If the assessment reveals issues, we can help you fix them. If you want to go further with your security, we are already here. That continuity is something a remote, transactional assessor cannot offer.

"Consider IT are part of the glue that helps our business run successfully. They give us peace of mind. They are one step ahead of everything, eradicating issues before they happen."

David Lewis, Managing Director, LEWIS

"Their excellent service standards and innovative approach has made a significant difference to our business progression. I would highly recommend."

Peter Boyd, Boyd Legal

Straightforward pricing

We do not believe in hidden fees or vague estimates. After a short scoping conversation we provide a fixed quote based on the size and complexity of your organisation. The Cyber Essentials price you are quoted is the price you pay, no surprises at the end.

Cyber Essentials

From £300 + VAT

Cyber Essentials Plus

From £1,500 + VAT

Every organisation is different. Get an accurate Cyber Essentials quote in under 24 hours.

From enquiry to certified

1

Get in touch

Fill in the form below or give us a call. Tell us a little about your organisation and what you need and we will take it from there.

2

Scoping call

We assess which level of certification is right for you and provide a fixed, no-obligation quote. No ambiguity, no pressure.

3

Preparation support

If needed, we help you identify and close any gaps before the formal assessment. This step is optional but can save significant time.

4

Assessment

For Cyber Essentials, you complete the self-assessment questionnaire and we verify it. For Cyber Essentials Plus, our assessors perform a hands-on technical audit of your systems.

5

Certification

You receive your Cyber Essentials certificate, valid for 12 months. We can also support you with recertification when the time comes.

Common questions

What is Cyber Essentials?

Cyber Essentials is a UK government-backed certification scheme that helps organisations guard against the most common cyber threats. It covers five key technical controls: firewalls and internet gateways, secure configuration, user access control, malware protection, and security update management. Achieving certification demonstrates to clients, suppliers, and regulators that your organisation takes cyber security seriously.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessment questionnaire verified by an accredited assessor. Cyber Essentials Plus includes everything in the basic certification, plus a hands-on technical audit where the assessor actively tests your systems to verify that the controls are working in practice. Plus provides a higher level of assurance and is increasingly required for larger contracts and regulated industries.

How long does Cyber Essentials certification take?

Most organisations achieve Cyber Essentials within one to two weeks. Cyber Essentials Plus typically takes two to four weeks, depending on the size and complexity of your IT environment. If you are working to a deadline (for a contract bid, for example) we can often expedite the process.

How much does Cyber Essentials cost?

The Cyber Essentials price depends on the size of your organisation and the level of certification you need. We provide a fixed quote after a short scoping conversation so there are no surprises. Contact us for an accurate quote tailored to your business.

Do I need Cyber Essentials for government contracts?

Yes. Since 2014, Cyber Essentials has been mandatory for UK government contracts that involve handling sensitive or personal information. Many public sector bodies across Scotland now require it as a minimum for any supplier, regardless of contract value. If you are tendering for public sector work, certification is effectively essential.

Is Cyber Essentials a legal requirement in Scotland?

Cyber Essentials is not a legal requirement in itself. However, it is increasingly expected. Scottish public sector procurement frequently mandates it, and growing numbers of private sector organisations require suppliers to hold the certification as a condition of doing business. It is also recognised by insurers and can positively affect your cyber insurance premiums.

Can you help us prepare for the assessment?

Absolutely. We offer optional preparation support to help you identify and resolve any gaps before the formal assessment begins. This is particularly useful for organisations going through the process for the first time, and it avoids the cost and delay of a failed assessment.

How long is the certificate valid?

A Cyber Essentials certificate is valid for 12 months from the date of issue. Annual recertification is required to maintain your certified status. We contact our clients ahead of renewal to make the process as smooth as possible.

Get your Cyber Essentials quote

Which certification are you interested in?

We will respond within one working day. Your details are handled in accordance with our privacy policy.

Thank you for your enquiry.

We will be in touch within one working day.