Cyber Essentials Certification

We're a registered Certification Body. We assess, plan, manage the work required, and certify you when you're ready.

One relationship, start to finish.

Managed Certification, Not Just Another Assessment

Cyber Essentials is sometimes treated as a paperwork exercise. We treat it as a managed engagement. As an IASME-accredited Certification Body, we run the whole process for you — from initial planning through to certification.

We liaise with your suppliers, coordinate the technical work, and only put you through assessment when we know you're ready.

Who We Are

Custodia Continuity is a Cyber Essentials and Cyber Assurance Certification Body, accredited through the IASME consortium under the National Cyber Security Centre (NCSC) scheme.

We are members of the Chartered Institute for IT (BCS), the International Association of Privacy Professionals, and the Cyber Security Information Sharing Partnership (CiSP). We are also a core member of the East Midlands Cyber Resilience Centre.

This isn't a sideline for us. Cyber security assessment and certification is what we do, and we bring that focused experience to every client engagement.

How It Works

We take ownership of the process so you don't have to become a cyber security expert overnight.

1. Planning — We review your current setup, identify what's in scope, and build a clear plan for getting you to certification. No guesswork, no surprises.

2. Supplier Liaison — Need firewall changes? Software updates? Configuration work from your IT provider? We handle those conversations directly, so the technical details don't fall on your desk.

3. Remediation Support — Where gaps exist, we help you close them. We advise on practical, proportionate solutions and work with your suppliers to get the changes made.

4. Certification — When everything is in order, we carry out the formal assessment and issue your certificate. Because we've managed the process, there are no last-minute failures.

The Five Controls

Cyber Essentials is built around five technical controls defined by the NCSC. They address the most common attack vectors and, when properly implemented, prevent the majority of commodity cyber attacks.

• Firewalls — Boundary devices correctly configured to control inbound and outbound traffic
• Secure Configuration — Devices and software configured to reduce vulnerability, with unnecessary services disabled
• User Access Control — Access granted only to those who need it, with administrative privileges tightly managed
• Malware Protection — Measures in place to prevent malicious software from running on devices in scope
• Patch Management — Software kept up to date with security patches applied within 14 days of release

Why It Matters

• Required for UK government contracts involving personal or sensitive data
• Increasingly expected by supply chains, insurers, and commercial clients
• Demonstrates a baseline of technical security to customers and partners
• Backed by the NCSC — the UK government's national technical authority for cyber security
• Can reduce cyber insurance premiums and simplify procurement questionnaires
• Includes free cyber liability insurance for qualifying organisations

Which Level Do You Need?

Not sure whether you need Cyber Essentials or Cyber Essentials Plus? It depends on your sector, your contracts, and the expectations of your supply chain. We'll help you work out the right level before you commit — and manage whichever route you choose.

Cyber Essentials

A self-assessment questionnaire verified by a Certification Body. Suitable for most organisations and sufficient for the majority of supply chain and contractual requirements. We guide you through every question.

Cyber Essentials Plus

Includes everything in Cyber Essentials, plus a hands-on technical audit of your systems. We carry out vulnerability scans and verify that the controls are properly implemented. Required by some sectors and larger contracts.

Beyond Cyber Essentials

Certification often raises questions beyond the five controls — backup strategy, disaster recovery, staff training. These are our core business, not an afterthought. If the process reveals broader gaps, we are already equipped to close them. If you just need the certificate, that is exactly what you get.

Free Disaster Recovery Audit

Every managed assessment includes a complimentary review of your disaster recovery and backup arrangements. We look at where your data lives, how it is protected, and whether you could recover from a serious incident. Certification proves your defences are sound. The audit makes sure you can recover if something still gets through.