Cyber Essentials &
Cyber Essentials Plus

cyberessentials.png

Cyber Essentials Plus has fundamentally changed. What used to be a once‑a‑year certification exercise is now a continuous, year‑round security commitment.

At Roadmap, we’ve been guiding customers through Cyber Essentials and Cyber Essentials Plus for the last 10 years, and we now offer fully managed, continuous compliance services designed for the new Danzell requirements.


Ready to discuss Cyber Essentials for your organisation?

Speak to one of our experts now to understand more about how Roadmap It can help your organisation pass and maintain Cyber Essentials or Cyber Essentials +


What’s changed with Danzell
From April 2026, Cyber Essentials moved from the Willow framework to Danzell v3.3, which introduces stricter, continuous requirements.

Key changes include:

  • 14‑day critical patching required 365 days per year, not just at audit time.

  • All devices are in scope at all times, including cloud services, remote workers and BYOD devices.

  • Continuous, year‑round evidence is required; controls must be live and demonstrable, not just documented once a year.

  • Full device, user and application vulnerability management, including mandatory vulnerability scanning and remediation.

  • MFA enforced across all supported platforms, with tighter controls for hybrid and remote teams.

  • Director‑level sign‑off confirming that controls are maintained, plus integrated cyber‑insurance options at certification.

In practice, this means Cyber Essentials Plus is now an operating model, not a checkbox exercise. Most organisations need a managed approach to remain compliant.


Why Cyber Essentials matters
The National Cyber Security Centre (NCSC) is clear: organisations need to treat vulnerability management as a continuous process, not a periodic exercise. Threat actors are exploiting known vulnerabilities faster than most organisations can patch them, turning what used to be occasional “patch waves” into a constant feature of the UK threat landscape.

At the same time, rapid deployment of cloud services and AI tools is expanding the attack surface for every business. Cyber Essentials and Cyber Essentials Plus provide a practical baseline of controls for devices, users and applications, helping you meet best‑practice standards and satisfy insurers, customers and regulators.


How we manage the process
Roadmap acts as your Cyber Essentials managed service provider, handling every aspect end‑to‑end so your internal team can stay focused on the business.

We can:

  • Analyse your current environment, define in‑scope systems and users, and identify gaps against Cyber Essentials requirements.

  • Design and implement the necessary technical and policy changes across identity, endpoints, networks and cloud services, and manage the audit process through to certification.

  • Maintain live visibility of devices, users and applications, track patching status and MFA coverage, and collect the evidence you need for Danzell’s continuous‑compliance expectations.

  • Keep controls aligned as you add new staff, devices, locations and cloud services, ensuring your certification keeps pace with the way you actually work.

Or if you prefer, we can also act as a support partner, supplying Cyber Essentials packages and advice for your internal IT team to implement themselves

Platform‑driven, continuous management

Behind the scenes, we use an automated security and compliance platform to reduce manual effort and keep your organisation aligned with Cyber Essentials standards year‑round.

Typical capabilities include:

  • Automated patch management for hundreds of common applications, enforcing 14‑day critical patching windows and highlighting exceptions that need manual attention.

  • Real‑time device monitoring for Macs and PCs, showing which endpoints are compliant, missing updates, or misconfigured.

  • Centralised policy and control verification for firewalls, antivirus/EDR, disk encryption, and other core Cyber Essentials controls.

  • Integrated phishing simulations and security awareness training to improve user resilience and reduce human‑factor risk.

  • Built‑in vulnerability scanning and remediation workflows, with reporting aligned to Danzell’s continuous evidence requirements.

The result is a managed service that combines Roadmap’s expertise with always‑on tooling, so your organisation can demonstrate real, live security posture.

Cyber Essentials & Cyber Essentials Plus services

We support both Cyber Essentials (self‑assessment) and Cyber Essentials Plus (audited), with flexible engagement models, choose between:

  • A fully managed service, where Roadmap operates your Cyber Essentials controls day‑to‑day; or

  • A support‑only package, where we provide the platform, advice and audit assistance for your own IT team to run.


Interested in Cyber Essentials or Cyber Essentials Plus?

We’ll review your current position, explain your options, and outline a practical route to certification and continuous compliance.


Roadmap’s experience
Cyber Essentials, ISO 27001 and other security frameworks are already part of Roadmap’s standard operating model, and we’ve delivered Cyber Essentials projects for customers across sectors for a decade.

Our team understands both Mac and Windows environments, hybrid and remote teams, and modern cloud stacks such as Microsoft 365, Google Workspace, patch management and identity‑management platforms, so your Cyber Essentials implementation aligns with the way your organisation actually works