Cyber Essentials Plus Pack
Everything in the Cyber Essentials Pack, plus the runbooks and evidence to walk into the hands-on audit prepared.
Cyber Essentials Plus is the same five controls, verified. The audit is where people stall.
The base certification trusts your self-assessment. Plus does not. An independent assessor tests your systems directly: a vulnerability scan, a sample of your devices, and hands-on checks that your patching, malware protection, MFA, and account separation actually behave the way your answers claim. The organizations that breeze through the questionnaire are often the ones caught out here, because the audit surfaces the gap between what is written and what is running.
This pack closes that gap before the assessor arrives. It is the complete Cyber Essentials Pack plus an audit layer that lets you run the assessor's own tests on yourself first.
You get every policy, register, and plan from the base pack, the governance behind the five controls, and the Self-Assessment Question Mapping. The sections below are what Plus adds on top, for the hands-on assessment.
Rehearse exactly what the assessor runs
The hands-on assessment follows a fixed set of tests. The pack gives you a runbook for each one, so you find and fix the failures on your own schedule, not on audit day.
Scope, evidence, and the day itself
The other half of passing Plus is agreeing the right scope, capturing evidence the assessor accepts, and being ready when they arrive.
A Scope and Sampling Guide, a Device Sampling Worksheet, and a Scope and Segregation Verification Worksheet, so the engagement starts from an agreed boundary.
An Evidence Capture Pack, a Vulnerability Remediation Tracker, MFA and Account Separation Verification, and a Cloud Service and MFA Register.
Assessor Day Logistics and a Pre-Audit Sign-Off, so the assessment runs to a plan instead of a scramble.
What this looks like in practice
You have already run the same scan, logged each finding in the remediation tracker, fixed it, and captured the re-test, so there are no surprises.
Your Device Sampling Worksheet and scope verification justify the boundary up front, so the sample is agreed rather than argued.
You work from the logistics plan and a signed-off readiness check, and produce evidence on request instead of hunting for it.
Walk into the hands-on audit having already run it yourself.
The complete Cyber Essentials Pack, plus the Plus audit layer · Editable Word and Excel · Buy once, and we send you every future update
Who it's for
Organizations whose customers, insurers, or contracts require Cyber Essentials Plus specifically, anyone who has passed the self-assessment and now faces the hands-on audit, and consultants who want a repeatable, assessor-ready package for client engagements. The independent assessment is performed by an IASME-appointed body and is not included. This pack makes it something you walk into prepared.
Document Customization
Need this customized to your organization?
Complete an intake form. We customize every document: industry context, regulatory mapping, calibrated parameters. Delivered in 7-10 business days.
Need the skills to operate the program? Our training platform builds the capability. Explore courses →
