Get Certified Without The Confusion.

The UK government-backed standard that shows your business has essential security controls in place. Whether you need it for a contract, a client, or a stronger security baseline - Clockwork Cyber makes the process straightforward from start to finish.

  • UK Government backed
  • Fixed price, no hidden fees
  • Most businesses certify in 2-3 weeks
  • Direct, personal support

Cyber Essentials

IASME / NCSC Scheme

5 Controls
2-3 Weeks typical
12mo Validity
  • Required for many UK government contracts
  • Buy online - pro forma available
  • Direct, personal support included

What it covers

Five Controls That Protect
Against The Majority Of Cyber Attacks.

Cyber Essentials is a UK government backed certification scheme developed by the NCSC and managed by IASME. It proves your business has five fundamental security controls in place the same areas that the vast majority of successful attacks against small businesses exploit.

It is not a lengthy compliance exercise or a theoretical audit. It is a structured self-assessment or independently verified assessment of five specific areas. Working through the process often surfaces security gaps businesses were not previously aware of, making it useful beyond the certificate itself.

The certification is valid for 12 months and is widely recognised by UK government departments, large enterprises, and insurers as evidence of a serious baseline security posture.

1

Firewalls

Boundary firewalls and internet gateways configured to block unauthorised access to your network

2

Secure configuration

Devices and software set up securely, with unnecessary features and accounts removed

3

User access control

User accounts managed and restricted to what each person genuinely needs to do their job

4

Malware protection

Protective measures against malicious software across devices and systems in scope

5

Patch management

Software and devices kept up to date with the latest security patches and updates applied promptly

Choose your path

Two Ways To Get One Clear Outcome.

Both options lead to exactly the same Cyber Essentials certification. The difference is how much guidance and review you want along the way.

Unassisted

You complete the questionnaire yourself

You lead the process through the IASME portal. Clockwork Cyber provides access, answers any clarification questions, and is available if you get stuck — but you drive it at your own pace.

Best for

  • Businesses with an IT manager or technical lead confident in answering the questions
  • Organisations renewing a previous Cyber Essentials certificate
  • Teams that want to move quickly and control the pace themselves

Not ideal if

You are unsure about scoping, have a complex IT environment, or want hands-on review of your answers before submission.

Assisted

Clockwork Cyber supports you through it

Recommended

Clockwork Cyber works with you through the full process — helping you understand scope, interpret questions correctly, identify likely problem areas, and review answers before submission. You are not left to figure it out alone.

Best for

  • First-time applicants who want to get it right without guessing
  • Businesses with mixed IT environments, cloud services, or remote workers
  • Organisations that need expert review before submitting their answers

Not ideal if

You have a confident IT lead who has completed the assessment previously and wants to move through it independently.

Why it matters

More Than A Compliance Checkbox.

Cyber Essentials is one of the most practical things a smaller business can do to reduce exposure to the most common online threats. The five controls it covers are the same areas that the majority of attacks against businesses exploit — and having them in place makes a measurable difference.

For many organisations, certification also opens commercial doors that would otherwise be closed. UK government contracts and an increasing number of supply chain requirements mandate Cyber Essentials as a minimum security standard.

Beyond the certificate itself, many businesses find the process highlights configuration issues, access control gaps, or outdated software they were not previously tracking — making it a useful security improvement exercise in its own right.

Common questions

How long does it take to get certified?

Most businesses complete the process within two to three weeks. The timeline depends on how quickly you can work through the questionnaire and whether any remediation is needed before submission. With the Assisted option, Clockwork Cyber helps identify likely issues in advance, which typically speeds things up.

What if we fail the assessment?

If the assessment identifies issues, you can correct them and resubmit. In practice, most delays come from scope misunderstandings or missing controls, which is why getting the setup right first matters.

Do we need to renew every year?

Yes. Cyber Essentials is valid for 12 months, so certification needs annual renewal to remain current and recognised.

  • Required for government contracts
  • Signals security maturity to clients and insurers
  • Protects against the most common attacks
  • Renews annually keeping controls current

Ready to get started?

Choose The Option
That Fits Your Business.

Both options lead to the same certification. The difference is how much support you want along the way. Not sure which is right? Get in touch — it takes two minutes to point you in the right direction.

No retainer. No long-term contract.