What is Cyber Essentials?
Cyber Essentials is a UK government-backed certification, run by the National Cyber Security Centre, showing an organisation has five baseline technical controls in place: firewalls, secure configuration, access control, malware protection, and security update management. Cyber Essentials Plus adds independent hands-on testing of the same controls.
The scheme exists to make basic cyber hygiene checkable: certification is annual, the certificate is verifiable, and the Plus tier means an external assessor actually tested the controls rather than reviewing a questionnaire. It's deliberately a baseline — it proves the fundamentals are done, not that an organisation is impenetrable.
For clinics evaluating AI vendors, it slots into a hierarchy of assurance: Cyber Essentials (baseline controls, self-assessed) → Cyber Essentials Plus (baseline controls, independently tested) → ISO 27001 (a full, audited information-security management system). A vendor processing patient data should be able to evidence at least one rung of that ladder without hesitation — it's one of the six governance questions we suggest asking every vendor.