A Guide to the Cyber Essentials Plus Certification



In digital healthcare, there are few things more important than privacy and compliance. It is essential to keep Personal Health Information (PHI) safe. When working with hospitals, clients, other companies, and more, having certifications to prove your compliance posture is extremely helpful. 

Cyber Essentials Plus (CE+) operates as a chain of trust and requirements. Companies that work together are expected to hold CE+, to ensure that baseline security measures are being met. As MedStack is CE+ certified, we are part of that chain for our customers. This is essential for customers based in, or looking to expand to, the UK.

With that in mind, we’ve put together some beneficial information for you on the Cyber Essentials certification that you can use to get started.

What are the Cyber Essentials Certifications?

In the UK, the government-backed Cyber Essentials certifications were introduced to help digital organizations shield themselves from a range of different cyber-attacks.

Unfortunately, every online business has to deal with a range of threats to its security. This is especially true in the healthcare space. When a business goes through the process of getting both the Cyber Essentials and Cyber Essentials Plus certifications, it demonstrates that it is adequately protected against the most common forms of security threats.

Together, these certifications set out the technical controls necessary for these protections. The business applying for certification must complete two rounds of assessments. This ensures their systems have the right security in place before they can become certified.

Cyber Essentials Certification

The first level of certification in Cyber Essentials gives your enterprise protections against an array of different, commonly occurring cyber-attacks.

This certification is provided through the IASME Consortium, which has partnered with the government in the UK to offer this service.

In many cases, the most common cyber-attacks are very basic. This could be because the people making the attack are relatively unskilled, or it could also be a method for checking to see whether an organization has protections necessary for the Cyber Essentials certification.

When organizations are found lacking in protection, it can then make them a bigger target for other, more in-depth attacks in the future. This first level of Cyber Essentials certification helps prevent that.

Cyber Essentials Plus Certification

In order to apply for the Cyber Essentials Plus certification, your organization must first go through the process of receiving certification in Cyber Essentials. Once that’s been achieved, you can apply for the Cyber Essentials Plus certification, which requires an additional, more hands-on technical verification to earn.

This adds a further level of protection to an organization’s digital security systems, as well as giving your team the opportunity to gain a more in-depth knowledge of cyber security and its unique facets.

With this new information, your organization can improve its internal security processes and protocols, and then pass these additional security benefits on to your customers.

The Benefits of Earning the Cyber Essentials Plus Certification

Understanding the level of security protecting your business is essential to maintaining these systems, as well as improving them over time, when new tools and security systems become available for use.

You want to be able to reassure your clients that they can trust you to secure their PHI, and any other relevant data, against potential data breaches or security threats that your organization might face in the future.

Beyond that, if your enterprise is looking to expand its strategic partnerships, you may have a hard time attracting new partners or clients if you can’t easily display clear, effective security measures.

In addition to these benefits, there are some government or enterprise-level organizations that will only partner with businesses that have achieved the Cyber Essentials or Cyber Essentials Plus levels of certification.

If growth and scaling profitability are part of your long-term business plan, it’s extremely beneficial to earn these levels of certification; not just for your own protection, but for the reputational bonuses that come alongside it.


The Cyber Essentials Plus Certification Process

Any organization that’s looking to earn a Cyber Essentials or Cyber Essentials Plus certification needs to start by applying for certification through the IASME Consortium.

It’s important to note that certification pricing is based on the size of your business, which makes it more affordable and accessible for micro/small organizations.

Each round of certification is valid for 12 months from the time it’s earned, but it only takes (on average) 1-3 working days to get certified for Cyber Essentials.

This certification process also isn’t just for businesses in the UK. Companies overseas in North America can apply for these certifications as well, which can be verified by a board member of the IASME Consortium.

In the event that you don’t pass the certification process, don’t worry! The board from IASME will provide feedback for you, which will give you clear directions on how you need to improve your cyber security in order to pass the certification when you apply again.

MedStack is Here to Help Maintain Your Compliance Frameworks

When it comes to digital health, MedStack is the go-to solution for businesses to save time and money getting their compliance frameworks set up and maintained. 

We make it our mission to make it easier, faster, and more affordable for your organization to design, develop, and launch new digital healthcare solutions while meeting all the most stringent compliance requirements.


Stop wasting time, energy, and resources on paperwork instead of your product. MedStack can put your business on the fast track to growth. Book a demo today and see how easy it is to get started on MedStack.