Cyber Essentials and Essentials Plus

Cyber Essentials and Essentials Plus

Safeguard your business and prove your commitment to protecting customers

What is Cyber Essentials certification?

Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks. It covers five key technical controls that organisations should have in place to provide a basic level of cyber security.

Cyber Essentials
I Stock 1249865867

Why Cyber Essentials?

The aim of testing for Cyber Essentials certification is to identify exploitable vulnerabilities and weaknesses within an organisation’s infrastructure through the Internet. The testing is based on broad attack vectors from the Internet. The testing is not designed for organisations that are likely to be the target of Advanced Persistent Threat (APT) type of attacks but to highlight any potential attacks or weaknesses that may be used by an opportunist attacker.

Cyber Essentials Plus is the next stage after successful completion of Cyber Essentials self-certification. CE+ aims to prove that the statements an organisation has submitted for CE are accurate and that the organisation is fully compliant with the requirements.

Why partner with Capula?

Capula is the go-to industrial systems integrator for process, manufacturing, power, utilities and engineering businesses throughout the UK.

As experts in industrial control, instrumentation, and automation, we have an in-depth knowledge of our technology sectors and provide many specialist capabilities that have proved of great value to our clients. Established nearly 50 years ago, we’ve decades of experience partnering with customers large and small. Our portfolio includes work on some of the UK’s most complex critical infrastructure projects – projects that have been delivered on time and within budget.

Safe and secure

Our depth of application knowledge, embodied in our highly skilled, experienced and committed team, truly sets us apart.

Our specialist in-house engineering staff adopt a whole-systems approach to ensure that your valuable assets will be fully safeguarded during the course of your projects.

Our customers return to us with confidence, knowing that they will receive leading-edge quality and implementation that go beyond the confines of traditional engineering solutions.

With offices nationwide, we’re able to offer local support to your business. We also have the backing that comes with being part of a larger group, being jointly owned by Dalkia and EDF.

Why Partner with Capula?

As well as being a leading integrator for large parts of the UK’s most critical assets, hundreds of companies have chosen Capula for their Cyber essentials because…

Client Logo
Expert Consultancy

Our NCSC approved accredited team members offer you flexible support tailored to your needs.

Client Logo
Grow Your Business

Cyber Essentials is increasingly becoming a minimum requirement for both B2B and B2C organisations.

Client Logo
50 Years of experience

Decades of experience in developing, integrating, and supporting security critical, operational environments.

Our Security Portfolio

CDCAT Risk & Compliance Assessments

CDCAT is a comprehensive way for organisations to assess their existing cyber defences, against a unique set of government and commercial best practice control sets, to identify any vulnerabilities and see what improvements can be made.

An effective security program must start by assessing the risk. giving you greater visibility into your current OT environment and see the vulnerable assets.

In the industrial cyber-security space, the risks are changing all the time, as companies extend, adapt, and improve their systems, as new vulnerabilities are identified and as threat strategies evolve.

Using the CDCAT assessment tools, our audit identifies the maturity level of individual or combined elements we qualify as ‘defensible units’ within your business, based on pre-defined controls using a wide range of security standards including ISO 27001, IEC 62443, NIST SP800-53 – Security Controls and many others.

CDCAT was developed for the UK Ministry of Defence, by the Defence Science and Technology Laboratory with two main requirements:

  • Flexibility to assess a variety of systems
  • A quick and repeatable process

Security awareness and phishing training

Gauge the security awareness proficiency of your employees and measure your organisation’s overall security culture posture using our KnowBe4 Assessments. These two science-based assessments help you tailor training to address proficiency gaps and weaknesses, as well as monitor the impact your security awareness training program has on improving your users’ knowledge and sentiment to security awareness over time.

Offline Patch Management Services

Our offline patch management service is tailored according to your unique requirements. It may include a full system analysis to confirm all systems are operational, functional and fully patched. Full operating system patching and reporting may be included, whether required for a fully connected, partially connected or an isolated system. Anti-malware signature updates for a chosen vendor can also be implemented, as well as USB port control and ‘sheep dip’ validations that check content ensuring only trusted data is imported into a secure engineering environment.

Real time vulnerability scanning

Every organisation is at a different stage in their IoT & ICS cyber security maturity. Just as adversaries are becoming increasingly sophisticated, organizations are also continually challenged to up their game. Capula partners with world leading technology vendors that enable you to easily adopt new capabilities to match your organisational readiness. Their technology combined with our vast experience put’s Capula as the partner of choice for most of the UK’s critical infrastructure.

Penetration Testing

We can undertake a full penetration test on all your systems, networks, websites or web applications. Using trained and certified ethical hackers or ‘Tiger’ team members, you can be assured that the items in scope will be rigorously tested for vulnerabilities. This assessment can be operated as a ‘red team’ test where nothing is provided, and we will detail what we can find as an outsider.

We can further undertake a full review of your perimeter defenses, try to gain access to your site as an adversary and use detailed social engineering skills to obtain access to restricted areas. If required, our teams can pose as trusted insiders, contacting staff for information or professing to be support agents to gain access to hardware as part of an ongoing maintenance agreement. Perhaps you are interested to know what happens to USB devices that are found on your premises and who may be curious enough to plug them in?


Self assessment

See pricing structure
  • Questionnaire
  • Certification

Supported assessment

  • On Site or Remote Support
  • Consultant Led at All Stages
  • Questionnaire
  • Certification

Self Assessment

  • Materials only
  • Cyber Essentials Questionnaire Included
  • External Vulnerability Scan
  • Internal vulnerability scan (on-site)
  • Workstation assessment
  • Cyber Essentials results report
  • Certification

Remote Assistance

  • Remote assistance
  • Cyber Essentials questionnaire included
  • External vulnerability scan
  • Internal vulnerability scan (on-site)
  • Workstation assessment
  • Cyber Essentials results report
  • 2 Hour Webinar assistance
  • Certification

On Site Support

  • On-site Support
  • Cyber Essentials questionnaire included
  • External vulnerability scan
  • Internal vulnerability scan (on-site)
  • Workstation assessment
  • Cyber Essentials results report
  • On-site Consultant Assistance
  • Pre assessment gap analysis report
  • Certification

*Pricing is based on a sample size of up to 10 assets – For the internal tests, the assessor needs to test a sample of all end-user devices (including tablets and smartphones) and a sample of all servers that allow users to access an interactive desktop environment. An “interactive desktop environment” means a graphical interface such as an X server, Windows or macOS. It does not include a text-based environment such as an SSH or telnet session or a bash / DOS / PowerShell command line.

Looking for security services? Get in touch today…

*: Required fields

Edit entry