> ce-align --scope=full --remediate=true --target=100%_
Most organisations fail Cyber Essentials not because their security is bad, but because documenting it is boring. Our concierge service handles the tedious part — the alignment, the evidence gathering, the policy writing — so you can focus on running your business. We don't just audit you; we get you to 100% alignment first, then audit you. The pass rate for our concierge clients is 100%.
Cyber Essentials is the UK Government's baseline security certification. It's required for government contracts, increasingly expected by enterprise customers, and — if we're being honest — represents the bare minimum any organisation should be doing. The controls themselves aren't difficult: firewalls, secure configuration, access control, malware protection, and patch management. Most organisations already do most of this.
So why do so many fail? Because the certification process requires documentation, evidence, and precision that most IT teams find tedious. It's not a technical problem — it's an administrative one. And administrative problems are exactly the kind of problems that fall to the bottom of every priority list, until the deadline arrives and panic sets in.
Our concierge service eliminates that failure mode entirely. We handle everything — the gap analysis, the remediation guidance, the policy writing, the evidence gathering, and the certification audit itself. We don't just point at gaps and wish you luck. We close the gaps, build the evidence pack, and then certify you. The result is a 100% pass rate, because we don't submit you until you're ready.
Organisations that attempt Cyber Essentials unassisted typically spend 3–5 times longer than necessary, frequently fail on the first attempt (at full cost), and divert their IT team from actual productive work for weeks. The concierge fee isn't an expense — it's the elimination of wasted time, failed attempts, and opportunity cost. Our fee is almost always less than the internal cost of trying to do it yourself. That's not a sales pitch. That's arithmetic.
Our concierge service is genuinely end-to-end. We take you from wherever you are now to certified — handling every step that isn't running your business.
Our concierge process is designed to be as painless as possible for your team. We do the heavy lifting. You answer a few questions, make the changes we recommend, and receive your certificate. Here's how it works:
Timelines vary depending on organisation size, complexity, and the volume of remediation required. Organisations with mature IT practices often complete the process in under three weeks. Larger or more complex environments may take four to six weeks. Either way, it's dramatically faster than attempting it alone.
We offer concierge services for both certification levels. The right choice depends on your contractual requirements, risk profile, and what your customers expect to see.
| Dimension | Cyber Essentials | Cyber Essentials Plus |
|---|---|---|
| Assessment Method | Self-assessment questionnaire verified by an accredited assessor. | Hands-on technical verification by an accredited assessor — includes vulnerability scanning, build reviews, and configuration checks. |
| Assurance Level | Confirms that the organisation has the right controls in policy and intent. | Confirms that the controls are not only in place but actually working as intended in practice. |
| Required For | UK Government contracts involving sensitive and personal information. | Higher-assurance contracts, MOD supply chain, and organisations wanting to demonstrate stronger security posture. |
| Our Concierge Includes | Gap analysis, remediation, policy writing, evidence gathering, and certification. | Everything in CE, plus technical testing, vulnerability scanning, and hands-on verification audit. |
If you're going through the concierge process anyway, the incremental cost of upgrading to Cyber Essentials Plus is modest and the additional assurance is significant. Plus certification demonstrates that your controls actually work, not just that you intend them to. Most of our concierge clients choose Plus — because once you've done the hard work, you might as well get the stronger certificate.
Cyber Essentials certification is valid for twelve months. The threat landscape evolves daily. The gap between annual certification and continuous security is where most incidents occur. You pass the audit, relax, and twelve months later scramble to pass again — without knowing what happened in between.
For continuous monitoring that maintains your security posture between certifications, see our SOCinaBox managed SOC service. SOCinaBox provides 24/7 threat detection, vulnerability monitoring, and incident response — ensuring the controls you certified aren't quietly degrading while nobody's watching.
Combine the Cyber Essentials concierge service with SOCinaBox for year-round security assurance. The concierge service gets you certified. The SOC keeps you secure. When recertification comes around, you're already aligned — making renewal faster, cheaper, and stress-free. It's the difference between cramming for an exam and actually knowing the material.
Our concierge service has a 100% pass rate because we don't submit you until you're ready. Every engagement starts with a free scoping call — we'll assess where you are, tell you exactly what's needed, and give you a clear quote. No surprises, no jargon, no failed attempts.