Share via

UK Cyber Essentials Plus

UK Cyber Essentials Plus overview

Cyber Essentials is a UK government-backed scheme designed to help organizations assess and mitigate risks from common cyber security threats to their IT systems. It identifies security controls for an organization to have in place within their IT systems. Cyber Essentials scheme is a requirement for all UK government suppliers handling any personal data. The Cyber Essentials badge helps an organization demonstrate the ability to:

  • Identify potential risks to better protect against common cyber threats.
  • Adopt proper security controls to protect customer data.
  • Become compliant with UK government expectations for Cyber Security Essential requirements and eligible to bid on UK government contracts.

The Cyber Essentials Scheme is designed for UK government suppliers to identify potential weaknesses in their IT systems and software, which could lead to customer data exploits. The scheme assurance framework has defined two different levels of certification:

  • Cyber Essentials is the first level and includes a self-assessment for organizations to check the most important IT security controls of their IT infrastructure. The responses are independently reviewed by an external certifying body.
  • Cyber Essentials Plus offers the same controls coverage as Cyber Essentials and also includes additional assurance by carrying out systems tests of implemented controls through an authorized third-party certifying body.

Azure and UK Cyber Essentials Plus

Microsoft Azure has attained the Cyber Essentials Plus badge and meets the requirements outlined in the Cyber Essentials Scheme. Azure production systems are frequently tested and audited to provide evidence of an industry-leading compliance portfolio.


  • Azure

Audit reports and certificates

You can download the Azure and Dynamics 365 Cyber Essentials Plus certificate and compliance report from the Service Trust Portal (STP) UK regional resources section. For instructions on how to access audit reports, see Audit documentation.