Get certified.
Win contracts.
Fix your insurer's requirements.
Fixed-price Cyber Essentials and CE+ for Yorkshire SMBs. Published prices — no "call for a quote". Everything included in one flat price. Book a free 15-minute scoping call today.
Three reasons Yorkshire businesses are getting certified now
Win government contracts
Cyber Essentials is mandatory for public sector contracts involving sensitive personal data. Without the certificate, you cannot bid. Local authority and NHS supply chain requirements are tightening — certification is the entry ticket.
Satisfy your insurer
Cyber insurers increasingly require CE as a condition of cover, or offer reduced premiums for certified businesses. If your policy renewal is coming up, getting certified before the date can offset the cost of the engagement.
Meet client due diligence requirements
Solicitors, accountants, dental practices, and motor trade businesses are regularly asked to demonstrate CE certification by larger clients and commissioners. It is increasingly a standard part of onboarding due diligence.
Exactly what you get — and what it costs
Fixed, published prices. All prices ex-VAT; VAT added at 20% where applicable. No separate readiness charge — everything is included.
CE Gap Analysis
Gap analysis against all five control areas. Identifies every issue before the formal process starts. Does not include certification submission. Choose this if you need to understand where you stand before committing to certification, or if you want an independent view to hand to your IT team.
CE Starter
Full end-to-end certification for smaller organisations: gap assessment, remediation guidance, policy templates, evidence preparation, submission, one resubmission if needed, and a 30-day post-cert retest window. Certificate valid for 12 months.
CE Certification
The same full scope as the Starter — flat price regardless of how many users you have. Gap assessment, remediation guidance, policy templates, evidence preparation, submission, one resubmission, named lead engineer, 30-day retest window.
CE+ — hands-on technical verification
CE+ involves an assessor testing your controls in practice — not just on paper. Carries more weight with insurers and clients requiring supply-chain assurance. Remote delivery standard.
All prices ex-VAT. VAT added at 20%. Full price table including annual renewals: detailed CE & CE+ pricing page →
Not sure which product you need?
A free 15-minute call is all it takes. We confirm your org size, the right price band, and what's involved — before any work starts.
Everything in the price — no extras
Every CE and CE+ engagement includes the following. There is no separate readiness charge, no "add-on" fees, no surprises.
- Gap assessment — methodology-driven review against all five control areas. You see exactly what passes and what needs fixing before anything is submitted.
- Remediation guidance — plain-English steps for every gap found. Your team or IT provider works through the list; we answer questions throughout.
- Policy templates — documented policies for each control area, tailored to your organisation size.
- Evidence preparation — we build the submission pack, mapping your controls to the questionnaire requirements.
- Submission handling — we handle submission to our IASME-accredited certification body on your behalf.
- One resubmission included — if a control fails and requires resubmission, that is covered in the fixed price.
- Named lead engineer throughout — one person from scoping call to certificate. No handoff to a junior analyst.
- 30-day post-cert retest window — retesting of borderline controls for 30 days after the certificate is issued, at no extra charge.
From first call to certificate in hand
Five steps. Timescale depends on how many gaps need remediation — most Yorkshire businesses complete the process within two to six weeks.
Free scoping call
15 minutes. We confirm org size, the right tier, and your price. No commitment.
Gap assessment
We assess all five controls. Plain-English gap list — nothing submitted yet.
Remediation
Your team works through the list. We provide templates and answer questions.
Submission
We prepare the evidence pack and submit to our certification body.
Certificate issued
Valid for 12 months. 30-day retest window opens. Renewal reminder sent.
Common questions before booking
What exactly is included in the fixed price?
Gap assessment against all five Cyber Essentials control areas, plain-English remediation guidance, policy templates, evidence preparation, submission handling to our IASME-accredited certification body, one resubmission if needed, a named lead engineer throughout, and a 30-day post-cert retest window. No separate readiness charge, no hidden extras. The price you see is the price you pay.
How long does it take?
From the initial call to certificate typically takes two to six weeks, depending on how many gaps need remediation and how quickly your team can work through them. Some organisations with strong existing controls have completed the process faster. The scoping call will give you a realistic estimate based on your current posture. Once the evidence pack is submitted, basic CE is typically certified within a few working days.
What is the difference between the £750 CE Gap Analysis and the £795 CE Starter?
The £750 CE Gap Analysis is a standalone gap analysis — it does NOT include submitting for certification. It is the right choice if you need to understand your current position before committing to the full process, or want an independent view to hand to your IT team. The £795 CE Starter includes the full readiness work AND the certification submission for organisations with 1–4 users. If you have 1–4 users and are ready to go all the way to a certificate, the Starter is better value.
Do I qualify for Cyber Essentials?
Cyber Essentials is available to any UK organisation regardless of size or sector. The scheme is designed for businesses with basic IT infrastructure — it does not require a complex or enterprise-grade setup. The scoping call will confirm which certification tier is appropriate for your organisation's user count and infrastructure.
We already have an IT provider. Why use an independent consultant?
When your IT provider assesses the network they built and maintain, there is a structural tension — even for diligent engineers. An independent assessment removes that tension and produces a certificate you own outright, suitable for sharing with your insurer, a regulator, or a client doing due diligence. Most organisations continue to use their IT provider day-to-day and use an independent consultant for the assessment. The two roles are complementary.
What is the current Cyber Essentials scheme version?
The current scheme is Danzell — Requirements for IT Infrastructure v3.3, mandatory from 27 April 2026. The key change from the previous version is that MFA is now required for all cloud services, not just remote access. This is a new auto-fail. All Wolds Cyber engagements are assessed against the current Danzell requirements.
What happens on the free scoping call?
It is 15 minutes. We establish your organisation size (number of users, devices, and cloud services in scope), your current posture, and the right certification tier. You leave the call with a confirmed fixed price and a clear picture of what the process involves. There is no commitment — if you decide not to proceed, that is fine. There is no charge for the call.
Book your free 15-minute Cyber Essentials call
We confirm your org size, the right certification tier, and the exact price — before any work starts. No commitment, no obligation.
Book a Free 15-Minute Call