Achieve Cyber Essentials with Confidence
Attain Excellence in Data Protection & Cybersecurity.
We don’t just deliver frameworks; we deliver outcomes that fuel business growth.
Our Services
How we help you achieve Cyber Essentials
A thorough overview of your IT assets, existing security controls, and any recent infrastructure changes.
We establish the definitive scope for your certification against the new v3.2 rules from day one.
A detailed pass/fail analysis of your current posture against every Cyber Essentials v3.2 control.
We highlight quick-win solutions and clearly identify areas requiring further work to meet the “Willow” question set standards.
A clear, prioritised action plan to close all identified gaps.
Each action includes defined ownership and realistic timelines to support a successful revalidation attempt with the assessor.
We assist in updating essential documents, including asset inventories and security policies, to meet the new terminology and requirements.
You receive a complete evidence pack, ready for direct submission to the Cyber Essentials assessor, providing the clear proof required for certification.
Our approach
Getting you Certified Quickly, Confidently and Without Disruption
Cyber Essentials Implementation That Delivers Results
We implement GRC frameworks using our structured AAA Approach, designed to assess your current posture, align with best practices, and assure long-term compliance.
Our proven Approach
🔍Assess
We begin by assessing your current Cyber Essentials posture - identifying gaps, risks, and opportunities for improvement. This includes reviewing existing policies, controls, and governance structures to establish a clear baseline.
Align
We align your organisation with regulatory requirements, industry standards, and strategic goals. Our experts tailor frameworks to your business context, ensuring relevance, scalability, and stakeholder buy-in.
🛡️Assure
We assure ongoing compliance and resilience through monitoring, reporting, and continuous improvement. This includes fractional GRC support, training, audits, and automated controls to maintain confidence and accountability.
Why choose GRC Hub?
GRC Hub – Your Trusted Partner in Data Protection, GDPR Compliance & Cybersecurity.
Navigating a new version of the Cyber Essentials scheme requires specialist, up-to-date knowledge. We offer more than just a checklist; we offer strategic guidance tailored to the Willow question set.
Expert Knowledge on Cyber Essentials v3.2: We are experts on the changes, particularly the practical implications of the new ‘Vulnerability Fixes’ and ‘Passwordless Authentication’ requirements. We eliminate ambiguity and translate technical jargon into clear, actionable steps.
Structured Success: Our proven four-step process (Assessment, Report, Remediation, Documentation) is designed to minimise re-submission risk, saving you time and money.
Focus on Business: We prioritise remediation actions that offer the most security benefit with the least disruption to your day-to-day operations.
End-to-End Support: We provide the documentation and evidence pack ready for the assessor, ensuring nothing is overlooked and the final submission is seamless.
Your Cyber Essentials questions answered
Frequently Asked Questions (FAQs)
Q: What is the biggest change in the Willow question set?
The shift to the new, broader definition of “Vulnerability Fixes.” This now explicitly requires you to apply not just patches, but also configuration changes, registry edits, or vendor-supplied scripts to remediate high-risk vulnerabilities within 14 days. We focus heavily on ensuring your patch management process meets this expanded requirement.
Q: What’s the difference between Cyber Essentials and Cyber Essentials Plus?
- Cyber Essentials is a self-assessment certification that demonstrates your organisation has basic cyber security measures in place.
- Cyber Essentials Plus includes the same requirements but adds an independent technical audit to verify your controls are working effectively.
Q: Does Cyber Essentials v3.2 still require Multi-Factor Authentication (MFA)?
Yes. MFA (or the newly recognised Passwordless Authentication) is still a mandatory requirement for all user accounts that access organisational data or services from the internet (e.g., cloud services, remote access). Our review ensures MFA is implemented correctly across all in-scope services.
Q: We use a lot of cloud services (like Microsoft 365 or Google Workspace). Are they in scope?
Absolutely. Cloud services are explicitly included in the scope. The Willow question set reinforces stricter requirements for securing these cloud environments, including enforcing MFA and ensuring secure configuration of the cloud control panel itself.
To learn more about Cyber Essentials and cybersecurity, visit our blog section.
Q: How long does it take to get certified?
The timeline can vary depending on your current security posture. For most organisations, Cyber Essentials can be achieved within a few days to a couple of weeks, while Cyber Essentials Plus may take longer due to the additional audit process.
Q: How much does Cyber Essentials cost?
The cost depends on your organisation’s size and whether you’re pursuing Cyber Essentials or Cyber Essentials Plus. We offer fixed-fee packages to give you clarity and control over your investment.