Protect your beneficiaries, secure your funding.
Cyber Essentials certification from an IASME-accredited body that understands the charity sector. Meet funder requirements, protect sensitive data, and demonstrate responsible governance.
Why Charities Need Cyber Essentials
Charities are increasingly targeted by cyber criminals because they hold sensitive data -- beneficiary records, donor details, safeguarding information -- but often lack the security resources of commercial organisations. The Charity Commission now explicitly recommends Cyber Essentials as a baseline.
Many funders, including government departments and the National Lottery Community Fund, require or strongly recommend Cyber Essentials certification as a condition of grant funding. Without it, you may be disqualifying your organisation from significant income streams.
Cyber Essentials Certification
Cyber Essentials covers five fundamental technical controls: firewalls, secure configuration, user access control, malware protection, and patch management. For most charities, achieving certification requires practical changes rather than expensive technology -- it is about getting the basics right.
As an IASME-accredited Certification Body, we assess and issue your certificate in-house. We guide you through the self-assessment questionnaire, help remediate any gaps, and conduct the assessment ourselves. No third parties, faster turnaround, and a team that understands charity budgets.
Cyber Essentials Plus
Cyber Essentials Plus adds hands-on technical verification to the self-assessed standard. Our assessors scan your systems for vulnerabilities, test configurations, and run phishing simulations. For charities handling highly sensitive data -- safeguarding cases, health records, or financial information -- CE Plus provides demonstrable assurance.
The additional cost over standard Cyber Essentials is modest, and the added credibility with funders, partners, and regulators can be significant. We conduct the technical assessment from our Norwich operations centre.
Certification Readiness Assessment
If you are unsure whether your charity would pass Cyber Essentials today, a readiness assessment gives you the answer without the risk of failing a formal assessment. We review your current controls against the five CE requirements and produce a clear remediation plan.
This is particularly valuable for charities with limited IT knowledge internally. We explain what needs to change in plain language, prioritise by risk and effort, and can help implement the changes if needed.
Security Awareness for Staff & Volunteers
Cyber Essentials addresses technical controls, but your people are still your biggest vulnerability. Phishing emails, weak passwords, and social engineering target the human layer -- and charities with high volunteer turnover need ongoing awareness, not a one-off training session.
Our awareness programme is designed for charity teams: short, practical modules that fit around busy schedules. We cover the threats that actually target charities and test retention through simulated phishing campaigns.