Procurement Policy Note 09/14: Cyber Essentials scheme certification

This note explains how to use the Cyber Essentials scheme, which aims to reduce cyber security risk in government supply chains.



The government is taking steps to further reduce the levels of cyber security risk in its supply chain through the Cyber Essentials scheme. The scheme defines a set of controls which, when properly implemented, will provide organisations with basic protection from the most prevalent forms of threat coming from the internet. There are 2 levels of certification: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials is for all organisations of all sizes, and in all sectors. We are making the scheme mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services.

Published 26 September 2014
Last updated 26 May 2016 + show all updates
  1. Updated PPN on cyber essentials scheme certification.

  2. First published.