Assessment

Cyber Essentials & ISO 27001 Readiness

UK certification support for Cyber Essentials, Cyber Essentials Plus, and ISO 27001. Gap analysis, remediation, documentation, and pre-audit readiness — for organisations that need the certificate and the controls to back it up. Not just a tick-box exercise.

From £TBC — fixed fee, scoped after your Ignite Assessment
The Challenge

Certification without genuine controls is a liability, not an asset.

Cyber Essentials is mandatory for an increasing number of UK government contracts and public sector supply chain relationships. ISO 27001 is the standard many clients and regulators expect before trusting you with their data. The pressure to achieve certification is real. But organisations that pursue certification without actually fixing their security posture are signing a document that says they're secure when they're not — and that's a significant risk in the event of a breach or ICO investigation.

We run readiness engagements that do the work honestly. Gap assessment against the actual certification criteria, remediation of genuine control gaps, documentation that reflects your real controls, and pre-audit preparation so nothing catches you out. For Cyber Essentials Plus, we prepare you for the technical verification stage. For ISO 27001, we build the ISMS documentation and risk assessment that an auditor needs to see evidence of — not just the paper.

What We Deliver

Certification Readiness Services

Cyber Essentials / Plus
  • Gap assessment against CE criteria
  • Firewall & boundary configuration review
  • Secure configuration assessment
  • Access control & privilege review
  • Malware protection & patch posture
  • Remediation of control gaps
  • Certification questionnaire support
  • CE Plus technical verification preparation
ISO 27001
  • Gap assessment vs ISO 27001:2022
  • ISMS scope & policy documentation
  • Information security risk assessment
  • Statement of Applicability (SoA)
  • Annex A control implementation
  • Internal audit preparation
  • Pre-certification audit readiness review
Outcomes
  • Achieved Cyber Essentials / Plus certificate
  • ISO 27001 certification-ready ISMS
  • Supply chain & contract compliance
  • Board and regulator assurance
How It's Delivered

The Magma Cloud Lifecycle

Certification readiness spans assessment, implementation, and assurance phases. For ISO 27001, ongoing management is essential to maintain certification and continued compliance.

01 Strategy
02 Assess
03 Implement
04 Optimise
05 Manage
06 Assure
Common Questions

Frequently Asked Questions

Cyber Essentials is a UK government-backed certification scheme that verifies an organisation has five foundational cyber security controls in place: firewalls, secure configuration, access control, malware protection, and software patching. It's mandatory for UK government contracts involving personal data or sensitive information, and widely required across public sector, defence, and financial services supply chains. If you're bidding for government work, you almost certainly need it.

Cyber Essentials (basic) is self-assessed — you complete a questionnaire and it's independently verified by a certification body. Cyber Essentials Plus involves an independent technical audit of your systems to verify the controls are actually in place and configured correctly, not just documented. Plus is increasingly required by government departments, MOD supply chains, and higher-risk procurement. We support both — and we prepare you properly for the technical verification stage of Plus.

From a standing start, Cyber Essentials certification typically takes two to four weeks — a gap assessment, remediation of findings, and then questionnaire submission and independent verification. Cyber Essentials Plus adds a technical audit stage and typically runs another two to three weeks. Organisations with significant control gaps take longer. We scope it honestly after your Ignite Assessment — if your estate has significant patching or configuration issues, we tell you upfront.

ISO 27001 is the international standard for information security management systems (ISMS). It requires a documented management system, a formal risk assessment, selection and implementation of controls from Annex A, and independent audit by an accredited certification body. For most organisations, achieving initial certification takes six to twelve months from gap assessment to passing the Stage 2 audit. We support you through the full process — gap analysis, ISMS documentation, control implementation, and pre-audit readiness.

Cyber Essentials first, unless you have a specific ISO 27001 contractual deadline. Cyber Essentials is faster, cheaper, required by more UK contracts, and the five controls it verifies are a natural subset of what ISO 27001 requires. Achieving Cyber Essentials Plus gives you a clean technical baseline from which ISO 27001 implementation is significantly more straightforward. We advise on sequencing based on your specific contractual drivers and deadlines.

Start with a Free Ignite Assessment

The Ignite Assessment

A free 30-minute call with a senior security architect. For certification readiness, you leave with a realistic view of your current gap against Cyber Essentials or ISO 27001, a timeline estimate, and a clear view of whether and how we can help. No pitch deck, no obligation.

  • Free — no charge, no catch
  • 30 minutes with a senior architect
  • Certification-specific, honest assessment
  • No obligation to proceed
Certification Readiness Specialists

Book Your Ignite Assessment

Whether you need Cyber Essentials for a government contract deadline or are starting an ISO 27001 programme — we'll tell you where you stand and what it'll take to get there.
