Cyber Essentials Certification

Managed Certification, Not Just Another Assessment

Many Cyber Essentials providers hand you a questionnaire and leave you to it. We don't work that way. As an IASME-accredited Certification Body, we manage the entire process for you — from initial planning through to certification.

We liaise with your suppliers, coordinate the technical work, and only put you through assessment when we know you're ready.

Who We Are

Custodia Continuity is a Cyber Essentials and Cyber Assurance Certification Body, accredited through the IASME consortium under the National Cyber Security Centre (NCSC) scheme.

We are members of the Chartered Institute for IT (BCS), the International Association of Privacy Professionals, and the Cyber Security Information Sharing Partnership (CiSP). We are also a core member of the East Midlands Cyber Resilience Centre.

This isn't a sideline for us. Cyber security assessment and certification is what we do, and we bring that focused experience to every client engagement.

How It Works

We take ownership of the process so you don't have to become a cyber security expert overnight.

1. Planning
We review your current setup, identify what's in scope, and build a clear plan for getting you to certification. No guesswork, no surprises.

2. Supplier Liaison
Need firewall changes? Software updates? Configuration work from your IT provider? We handle those conversations directly, so the technical details don't fall on your desk.

3. Remediation Support
Where gaps exist, we help you close them. We advise on practical, proportionate solutions and work with your suppliers to get the changes made.

4. Certification
When everything is in order, we carry out the formal assessment and issue your certificate. Because we've managed the process, there are no last-minute failures.

A Government-Backed Scheme

Cyber Essentials is the UK government's own certification scheme, designed by the National Cyber Security Centre (NCSC) to help organisations of any size defend against the most common cyber threats. It sets a clear, achievable baseline — and we make sure you reach it without the stress.

The Five Controls

Cyber Essentials is built around five technical controls defined by the NCSC. They address the most common attack vectors and, when properly implemented, prevent the majority of commodity cyber attacks.

✔ Firewalls — Boundary devices correctly configured to control inbound and outbound traffic
✔ Secure Configuration — Devices and software configured to reduce vulnerability, with unnecessary services disabled
✔ User Access Control — Access granted only to those who need it, with administrative privileges tightly managed
✔ Malware Protection — Measures in place to prevent malicious software from running on devices in scope
✔ Patch Management — Software kept up to date with security patches applied within 14 days of release

Why It Matters

✔ Required for UK government contracts involving personal or sensitive data
✔ Increasingly expected by supply chains, insurers, and commercial clients
✔ Demonstrates a baseline of technical security to customers and partners
✔ Backed by the NCSC — the UK government's national technical authority for cyber security
✔ Can reduce cyber insurance premiums and simplify procurement questionnaires
✔ Includes free cyber liability insurance for qualifying organisations

Which Level Do You Need?

Not sure whether you need Cyber Essentials or Cyber Essentials Plus? It depends on your sector, your contracts, and the expectations of your supply chain. We'll help you work out the right level before you commit — and manage whichever route you choose.

Cyber Essentials

A self-assessment questionnaire verified by a Certification Body. Suitable for most organisations and sufficient for the majority of supply chain and contractual requirements. We guide you through every question.

Cyber Essentials Plus

Includes everything in Cyber Essentials, plus a hands-on technical audit of your systems. We carry out vulnerability scans and verify that the controls are properly implemented. Required by some sectors and larger contracts.

Beyond Cyber Essentials

The certification process often raises critical questions that go well beyond the five controls — questions about business resilience, backup strategy, disaster recovery planning, and staff awareness training.

These are exactly the areas where Custodia operates every day. Security, backup, continuity, compliance and training are our core business, not an afterthought bolted onto a certification service. When an assessment uncovers gaps in your wider resilience, we're already equipped to help you close them.

Of course, we're equally happy to stay in our lane. If you just need the certification, that's exactly what you'll get — no upsell, no pressure. But if the process reveals broader concerns, you won't need to find another provider. We're already here.

Free Disaster Recovery Audit

Every managed Cyber Essentials assessment from Custodia includes a complimentary review of your disaster recovery and backup arrangements. We look at where your data lives, how it's protected, and whether you could recover from a serious incident.

Certification Plus Resilience

If there are gaps, we tell you plainly and help you address them. Certification proves your defences are sound. The DR audit makes sure you can recover if something still gets through.

Together, they give you a realistic security posture rather than just a certificate on the wall.