Cyber Essentials Plus certified.
Talk Think Do holds Cyber Essentials Plus certification, the highest level of the UK government's Cyber Essentials scheme. Our technical security controls have been independently tested and verified by a qualified assessor, confirming they protect against the most prevalent cyber threats.
Discuss your security requirements
Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials is a UK government-backed scheme, developed by the National Cyber Security Centre (NCSC), that defines a baseline set of technical controls organisations should have in place to protect against the most common cyber threats. The scheme exists because the majority of successful cyber attacks exploit basic weaknesses that these controls address.
There are two levels of certification. Cyber Essentials involves a self-assessment questionnaire reviewed by a qualified assessor. Cyber Essentials Plus goes further: an independent technical expert conducts hands-on verification of the controls, testing systems directly rather than relying on declarations. Talk Think Do holds the Plus level.
Cyber Essentials Plus certification is required by the UK government for contracts that involve handling personal data or providing technical services. It is also widely required by organisations in regulated industries and the supply chains of larger enterprises.
The five technical control areas
- Firewalls — Boundary and device firewalls configured to block unauthorised access from the internet
- Secure configuration — Systems and software configured securely, removing unnecessary features and default credentials
- User access control — User accounts limited to necessary permissions, with privileged access tightly controlled
- Malware protection — Protection against malicious code via malware scanning, application whitelisting, or sandboxing
- Patch management — Operating systems and software patched and updated within defined timeframes
Plus vs basic
Cyber Essentials Plus requires an independent assessor to test the controls directly, not just review a self-assessment. It provides a higher level of assurance than the basic certification.
Why Cyber Essentials Plus matters when choosing a supplier.
Required for UK government contracts
Cyber Essentials certification is mandatory for UK central government contracts involving personal data or technical delivery. Our Plus-level certification means we can work within these procurement requirements without additional remediation.
Independently verified, not self-declared
Unlike basic Cyber Essentials, the Plus certification requires a qualified assessor to test our systems directly. When you see our Cyber Essentials Plus badge, it reflects external technical verification, not our own assessment of our security.
Protection against supply chain attacks
Many organisations are targeted through their suppliers rather than directly. Our certification gives you assurance that your supply chain partner is not the weakest link. Our controls have been verified to protect against the attack vectors most commonly used to compromise suppliers.
Baseline for sensitive engagements
For projects involving sensitive personal data, financial records, or operationally critical systems, Cyber Essentials Plus provides a verified baseline. Combined with our ISO 27001 certification, it gives a comprehensive picture of our security posture.
Annual recertification
Our Cyber Essentials Plus certification is renewed annually. Our controls are retested each year, reflecting any changes to our infrastructure, working practices, or the threat landscape. Our certification is current, not historical.
Works alongside our ISO 27001 ISMS
Cyber Essentials Plus and ISO 27001 are complementary. CE+ provides a clear, testable set of technical controls. ISO 27001 provides the management system that governs how those controls are maintained and improved. Together they cover both the technical and organisational dimensions of security.
Need our certification details?
We can provide certificate documentation, answer security questionnaires, or discuss our technical controls in detail as part of your supplier due diligence process.