Certification Packages & Pricing

Package 1 — Readiness Validation

Package 2 — Certification Readiness & Assessment ⭐ Most Popular

Package 3 — Cyber Assurance Pathway

From £950

Best for: Organisations who are mostly ready

You've implemented your controls and gathered your evidence. You just need confirmation that everything aligns with Cyber Essentials requirements before formal submission.

What's Included:

• Eligibility confirmation and scope review

• Quick readiness validation (30 mins review)

• Minor gap identification (if any)

• Guidance on evidence requirements

• Formal Cyber essentials assessment

• Certification decision and issuance

What's not included:

• Comprehensive gap analysis

• Remediation support or implementation guidance

• Policy / documentation development

Typical Timeline:

1-2 weeks from readiness review to certification

This Package is Right for You If:

• Your controls are already implemented and documented

• You understand CE requirements clearly

• You just need validation before formal submission

• Your diagnostic score: 68-84 points

From £3,500 (scope dependent) Best for: Organisations starting from low maturity or progressing beyond Cyber Essentials

You're building cyber resilience from the ground up, or you need to progress from Cyber Essentials to IASME Cyber Assurance. You need comprehensive, hands-on support throughout the process.

What's Included:

• Initial maturity assessment and baseline review

• Control implementation roadmap

• Policy and process development from scratch

• Technical configuration guidance (Firewall, MFA, Access Control)

• End-to-end documentation support

• Regular checkpoint reviews and progress validation

• Formal certification (Cyber Essentials or IASME Cyber Assurance)

• 12-month Renewal support

Cyber Essentials vs. IASME Cyber Assurance:

Cyber Essentials focuses on five baseline technical controls.

IASME Cyber Assurance is broader—covering governance, risk management, incident response, and deeper technical validation.

Most organisations start with CE and progress to Cyber Assurance when customers or supply chain partners require stronger evidence of cyber maturity.

Typical Timeline:

6-12 weeks depending on starting maturity and certification target

This Package is Right for You If:

• You're starting from low cyber maturity

• You need help implementing controls, not just documenting them

• You're progressing to IASME Cyber Assurance

• You operate in regulated sectors or high-trust environments

• Your diagnostic score: 0-39 points

From £1,750 Best for: Organisations with foundational controls but clear gaps

You have controls in place, but there are gaps in implementation or documentation. You need structured guidance to identify what's missing and fix it properly before certification.

What's Included:

• Comprehensive readiness assessment (60-90 minutes)

• Detailed gap analysis report mapped to CE criteria

• Control-by-control remediation guidance

• Documentation templates and support

• Evidence preparation assistance

• Follow-up reviews as you close gaps

• Formal certification once ready

  Why This is Most Popular:

  Most SMEs overestimate their readiness. This package catches the gaps that would cause failed submissions or weeks of back-and-forth with assessors. It's the sweet spot between doing it yourself and needing full handholding.

  Typical Timeline:

  3-4 weeks from initial assessment to certification

  This Package is Right for You If:

• You have controls but gaps in documentation

• You're not confident everything meets CE requirements

• You've been told you need CE but don't know where to start

• You want to avoid the pain of failed submissions

• Your diagnostic score: 40-67 points

  Common Gaps This Package Addresses:

• Misunderstood scope (excluding remote workers, cloud systems, mobile devices)

• MSP reliance without proper documentation - Patch management theatre (automatic updates without evidence)

• MFA misconfiguration or partial coverage - Shared accounts that violate CE requirements

• Router vs. firewall confusion - Missing policies or governance documentation

Supporting Services

Need targeted help with specific areas? We offer focused support services alongside or independent of certification packages:

Policy & Documentation Review — From £500

• Review existing policies for CE/Cyber Assurance alignment -

• Gap identification and remediation guidance -

• Template provision where needed

Technical Configuration Support — From £750

• Firewall configuration review and hardening

• MFA implementation guidance

• Patch management process design

• User access control remediation

MSP Coordination — From £400

• MSP Engagement and documentation requests

• Evidence gathering coordination

• Control verification with third parties

Frequently Asked Questions -FAQ

How long does certification take?

It depends on your readiness. Well-prepared organisations (Package 1) can achieve certification in 1-2 weeks. Organisations with gaps (Package 2) typically need 3-4 weeks to remediate and certify. Organisations building from low maturity (Package 3) typically need 6-12 weeks.

What if we're not ready yet?

That's exactly why we offer readiness assessments first. We identify what needs fixing before any formal assessment begins. No wasted time, no failed submissions. You only pay for certification when you're genuinely ready.

Do you offer payment plans?

Yes, we can discuss staged payment for Package 2 and Package 3. For example, Package 2 can be split: 50% at engagement, 50% at certification. Contact us to discuss options.

What if we fail the formal assessment?

Our readiness-first approach means this rarely happens—we only move to formal certification when you're genuinely ready. If gaps are identified during formal assessment (within the original scope), we'll work with you to close them at no additional cost.

Can we handle certification ourselves after the readiness review?

Absolutely. If our readiness review shows you're solid, you're welcome to submit your self-assessment independently. We'll provide clear guidance either way. We'd rather be honest about what you need than over-sell our services.

What's the difference between your packages and other certification bodies?

Most certification bodies only offer formal assessment—they assess what you submit and either pass or fail you. We offer readiness-first packages that identify and fix gaps before formal assessment. This dramatically reduces the risk of failed submissions and wasted time.

How do we know which package we need?

Take our [5-Minute Readiness Diagnostic →]. It scores your current state across the seven most common CE failure points and recommends the appropriate package. Or book a free 15-minute call and we'll discuss your situation.

Do prices include VAT?

No, all prices are exclusive of VAT. VAT will be added at the prevailing rate.

What if our organisation is larger or more complex than typical SMEs?

Pricing for Package 2 and Package 3 is scope-dependent. For organisations with 100+ users, multiple sites, complex cloud infrastructure, or regulated requirements, we'll provide a tailored quote following initial discussion.

---

Not Sure Where to Start?

Book a free 15-minute readiness call. We'll discuss your current setup, identify obvious gaps, and recommend the best path forward—whether that's working with us or handling certification internally.

No obligation. No sales pressure. Just clear, honest guidance.

---

Important Notes

Final pricing depends on organisational size, scope, and readiness. The prices shown are starting points for typical SME engagements (up to 50 users, straightforward IT estate). Complex environments may require adjusted pricing, confirmed during scoping.

Certification decisions are made independently and strictly in accordance with IASME requirements. Idela is an IASME-approved Certification Body authorised to assess and issue Cyber Essentials and IASME Cyber Assurance certifications.

All packages include: Professional assessment, clear communication throughout, transparent decision-making, and certification issued only when standards are genuinely met.