Cyber Essentials
Prepare for the baseline scheme and its verified self-assessment without losing evidence context.
Cyber Essentials and Cyber Essentials Plus
Prepare answers, evidence, and owners before certification pressure lands.
AI-27001 helps UK teams organise Cyber Essentials preparation by linking questions to controls, policies, owners, tasks, and ISMS evidence. It supports the operating workflow around preparation; it does not certify, assess, guarantee a pass, or replace the official IASME/NCSC process.
Plus preparation
Organise evidence and actions before independent technical testing, without claiming to perform it.
ISMS link
Reuse controls, policies, owners, tasks, and evidence already managed for ISO 27001 and reviews.
Question areaAI-27001 linkStatus
User access controlPolicy, owner, MFA taskAssigned
Security updatesPatch evidence, exceptionReview
Malware protectionEndpoint evidence gapAction
Choose your next step
Review one preparation workflow before certification pressure builds.
Book a Cyber Essentials walkthrough, or map one preparation workflow around questions, controls, owners, tasks, and evidence while keeping official scheme decisions with your team and advisers.
Founding customer plan starts at £300/month + VAT, with hands-on onboarding and one free evidence/admin workflow review before commitment.
Five technical-control areas
Use the official scheme material as the source, then organise the work around it.
NCSC describes Cyber Essentials as the UK Government-recommended minimum cyber security standard, aligned to five technical controls. IASME and NCSC update requirements over time, including the current v3.3 requirements effective from 27 April 2026, so AI-27001 keeps the buyer story focused on preparation workflow rather than hard-coded question text.
Control area
Firewalls
Keep internet-facing boundaries, cloud services, and network access visible before assessment questions arrive.
Control area
Secure configuration
Turn hardening decisions, default settings, device scope, and service ownership into reviewable evidence.
Control area
User access control
Connect users, admin access, leavers, MFA expectations, and approval tasks to owners and review cycles.
Control area
Malware protection
Record how devices and services are protected, who maintains the controls, and what evidence proves coverage.
Control area
Security update management
Track patching responsibilities, exceptions, deadlines, supplier inputs, and stale evidence before they become blockers.
Current sources
Check NCSC and IASME at the point of use.
Use the official NCSC overview, NCSC resources, and IASME documentation when preparing answers.
Operating workflow
Preparation is easier when each question has an owner, action, and evidence trail.
The workflow is designed for teams that already manage ISO 27001 evidence, customer questionnaires, or supplier assurance. Cyber Essentials preparation becomes another evidence-backed operating track, not a disconnected spreadsheet.
Load the current question set and requirement context without publishing stale questionnaire text.
Map questions to controls, policies, assets, owners, tasks, and evidence already held in the ISMS.
Assign gaps to the right owner with due dates, notes, and supporting evidence requests.
Review answers and evidence before they are used in the official IASME/NCSC process.
Keep Cyber Essentials preparation connected to ISO 27001 evidence, supplier assurance, and customer security reviews.
Buyer examples
Connect Cyber Essentials to the assurance work buyers already care about.
The page is built for practical preparation conversations across SaaS, MSP, telecom/security review, and procurement-led SME use cases.
Use case
UK SaaS teams
Reuse access-control, patching, endpoint, supplier, and policy evidence when customers ask for Cyber Essentials alongside ISO 27001.
Use case
MSPs and client-assurance teams
Separate internal preparation from client evidence workflows while keeping ownership and follow-up visible.
Use case
Telecom and security-review teams
Connect baseline technical-control evidence to broader TSA, ISO, supplier, and assurance commitments.
Use case
SMEs under procurement pressure
See what is missing, who owns it, and what needs review before completing the official certification path.
For advisers and Certification Bodies
Need a client evidence workflow layer around Cyber Essentials preparation?
Cyber Advisors, Certification Bodies, MSPs, and security advisers can start with a free 20-minute guided partner review around one sanitized client preparation workflow. The adviser remains responsible for Cyber Essentials judgement and scheme work while AI-27001 focuses on structured preparation evidence, owners, mapping, and reusable review records.
Partner fit
Cyber Advisors and Certification Bodies stay responsible for advice, assessment, certification, Plus testing, and client judgement.
Partner fit
AI-27001 can run a free guided partner review around one sanitized client preparation workflow or sample evidence set.
Partner fit
The review tests whether evidence, control mapping, tasks, owners, and review records can reduce admin before a paid pilot or referral conversation.
Partner fit
Advisers, MSPs, and Certification Bodies can route partner-fit conversations without publishing reseller terms or scheme-status claims.
Safety boundaries
Preparation support should not blur into certification claims.
Boundary
AI-27001 is not a Certification Body and does not certify, assess, or guarantee a pass.
Boundary
Cyber Essentials Plus includes independent technical testing; AI-27001 can help organise preparation evidence, not perform official testing.
Boundary
Requirements and question resources change, so preparation workflows should reference current NCSC and IASME material at the point of use.
Boundary
Your organisation remains responsible for answers, implementation, certification submissions, and risk decisions.
Free review
Not ready to book? Get a practical evidence next step instead.
Pick the lower-friction option that fits where you are. We’ll use your page and campaign context to understand the request without adding tracking clutter to the visible URL.
Share how you prepare answers and evidence so we can review workflow gaps before certification pressure.
Next step
Want to test the preparation workflow before you commit?
Bring one Cyber Essentials preparation flow, current owner map, or evidence gap. The walkthrough can show how questions, controls, tasks, owners, and evidence connect without making certification claims.
AI-27001 is a product of SW DIGITAL SERVICES LIMITED, registered in England and Wales. Company number 17178287.