CE & CE+ Auditor
Cyber Essentials and Cyber Essentials Plus services from a qualified CE Assessor and CE+ Lead Assessor. Whether you need advisory support to prepare for certification, or a formal assessment via our trusted Certification Body partners, we can assist throughout the process.
How We Can Help
CE and CE+ services broadly fall into two categories — advisory support and formal certification. We offer both, clearly distinguished:
CE/CE+ Advisory & Pre-Assessment
Gap analysis against the current question set, technical remediation guidance, evidence preparation, and readiness review before a formal assessment. We help you understand what is in scope, address weaknesses, and approach certification with confidence. No formal certificate is issued as part of this activity — it is pure advisory.
Formal CE/CE+ Assessment via CB Partners
Where a formal CE or CE+ certificate is required, assessments are conducted through our trusted Certification Body (CB) partners. Wayne acts as Lead Assessor. Certificates are issued by the CB upon successful completion. We work with multiple CBs, giving you flexibility and ensuring independence throughout the process.
DCC Level 0 Assessments
Wayne holds the capability to conduct DCC Level 0 CE+ assessments. This is relevant for organisations within the MOD and wider defence supply chain, where DCC-compliant assessments are a specific requirement. Contact us to discuss your specific DCC Level 0 needs and how we can support your procurement or contractual CE+ obligations.
IASME Governance Assessment
As an IASME Governance Assessor, we can assess organisations against the IASME Governance standard, often completed alongside CE or CE+ as a cost-effective route to demonstrating broader cyber governance maturity, particularly relevant in the public sector and supply chain contexts.
Who Typically Engages This Service
Defence Supply Chain
MOD prime contractors and sub-contractors require CE+ (and often DCC Level 0 assessments) as a condition of contract. We understand the defence supply chain context and the specific requirements around scope, boundary definition, and documentation.
SMBs Pursuing Certification
Smaller organisations pursuing CE or CE+ for the first time — whether to satisfy a customer requirement, qualify for a framework, or simply improve their baseline security posture. We provide straightforward, jargon-free guidance appropriate to your scale.
Annual Renewal Support
Organisations approaching CE or CE+ renewal who want a structured pre-renewal review, to address any changes in scope or technical estate, and to ensure no surprises during the assessment itself.
Managed Service Providers
MSPs managing the IT estate for multiple clients, seeking guidance on how CE/CE+ applies to their managed service offering, and how to best support customer certification without duplicating effort.
What Advisory Support Covers
A typical CE/CE+ advisory engagement includes the following activities, scoped to your organisation's size and complexity:
- Scope & Boundary Definition: Identifying what falls within the CE/CE+ boundary and how to articulate it accurately in your submission
- Gap Assessment: Reviewing your current controls against the active CE question set, identifying non-conformances and areas of risk
- Technical Remediation Guidance: Practical advice on patching regimes, MFA configuration, firewall rules, malware protection, and account management
- Evidence Preparation: Helping you identify, prepare, and organise the evidence an assessor will review during CE+ remote verification
- Mobile Device & Cloud Scoping: Guidance on how BYOD, cloud services, and hosted applications fit (or are excluded from) the CE scope
- Pre-Assessment Review: A final readiness check before your formal assessment submission, with Wayne reviewing your evidence pack against the scheme requirements
Credentials Underpinning This Service
CE+ Lead Assessor
Qualified to sign off CE+ assessments as Lead Assessor through our CB partners, including DCC Level 0 assessments.
CE Assessor
Qualified CE Assessor for Cyber Essentials (self-assessment verification and advisory under the IASME-administered scheme).
IASME Governance Assessor
Qualified to assess against the IASME Governance standard, which can be combined with CE+ for a more comprehensive assurance package.
CISSP, PCSP & Chartered Security Architect
CE/CE+ advisory is informed by 20+ years of broader security expertise across Defence, Finance, and commercial sectors — not a narrow tick-box approach.
Discuss Your CE/CE+ Needs
Whether you need advisory support, a formal assessment via CB, or a DCC Level 0 assessment — get in touch and we’ll confirm the right approach for your situation.