Your risk assessment has given you a clear picture of your cyber security posture against the Cyber Essentials five control areas. This page explains what the journey from assessment to certification looks like — and what you get when you engage GET-IT.
The ORA you just completed is a starting point — a temperature check against the controls that matter most. It tells you where the gaps are, but closing those gaps requires a structured process: documenting what you have, evidencing what you need, and working through each control area systematically.
That's what the GET-IT CE engagement delivers. We work alongside you — not just handing over a checklist — using a working document built directly from your answers as the backbone of the whole journey. Your ORA data doesn't disappear after the report. It becomes the foundation of the engagement.
You've completed this. Your five-pillar risk scores are calculated, your highest-risk areas are identified, and your data is ready to flow into the engagement workbook. This is your baseline — the benchmark everything else is measured against.
We define the scope of your CE assessment — which systems, devices, and cloud services are in scope — and hand over your pre-populated CE working document. This is your tracking tool for the entire journey: requirement checklists, evidence logs, asset register, and action tracker, all built from your ORA answers.
We work through each of the five CE control areas with you — firewalls, secure configuration, security updates, user access control, and malware protection. For each requirement, we identify what's already met, what needs evidencing, and what needs remediation. Nothing is assumed. Everything is documented.
For each open action we identified in the gap analysis, we provide clear, practical guidance on what needs to change and how. We stay involved through the remediation phase — you're not handed a list and left to it. The action tracker in your workbook gives you and your team a live view of progress.
When the controls are in place and evidenced, we submit for the formal Cyber Essentials assessment through an IASME-accredited Certification Body. For CE Plus, we arrange the on-site technical verification. You come out the other side with the certificate, the badge, and the audit trail to back it up.
Your engagement working document, built from your ORA answers. Covers all five control areas with requirement checklists, evidence columns, and a full action tracker. Yours to keep and update throughout the engagement.
A structured log of every in-scope device — computers, servers, IoT, cloud services. Pre-seeded from your ORA device count and completed in full during the scoping session.
A clear summary of where you meet CE requirements, where you partially meet them, and where action is needed — with priority ratings and practical remediation guidance for each gap.
The IASME-issued CE or CE Plus certificate on successful assessment. Includes use of the official CE badge and listing on the NCSC-backed certification register.
The workbook is a structured Excel file covering all eleven areas of the CE engagement. The Summary sheet gives a live RAG status across all five pillars. Each pillar sheet contains the full CE v3.3 requirement checklist with evidence and notes columns. The Actions sheet feeds the Summary automatically — every open finding is tracked in one place.
[ Illustrative only — your workbook is pre-populated from your ORA answers at engagement start ]
We work with SMEs day to day. The guidance we give is grounded in what's actually achievable for a business your size — not textbook controls designed for enterprise.
You're not handed a report and left to interpret it. We work through the remediation alongside you and stay available through to certification.
The engagement is scoped to get you to CE certification. If you need more, we'll say so honestly — but we won't manufacture reasons to extend the engagement.
Cyber Essentials certification has two components: the IASME certification fee (paid direct to the Certification Body, set by organisation size) and the GET-IT preparation and support engagement. Both are listed below so you have a complete picture before the consultation.
• All prices exclude VAT. GET-IT Solutions Ltd is not currently VAT registered.
• GET-IT engagement fees are starting points. Final scope — and therefore final price — is confirmed at the free consultation. Engagements involving significant remediation, large device estates, or complex network environments will be quoted accordingly.
• CE Plus (with on-site technical testing) is priced separately. If your results suggest Plus is appropriate, we'll discuss this at the consultation.
• Some clients engage GET-IT to reach CE standard without pursuing the formal certification — for internal assurance or pre-tender readiness. We're happy to scope that separately.
Book a free consultation — we'll review your risk assessment results with you, confirm scope, and give you a clear picture of what the engagement involves and what it costs. No commitment required at that stage.
Book a Free Consultation Retake the Assessment →[ Free consultation — no obligation — typically 30 minutes ]