What is Cyber Essentials Certification?

Protecting UK schools from common cyber threats

Cyber Essentials is a government-backed certification scheme developed by the National Cyber Security Centre (NCSC) – designed to help organisations protect themselves against a range of the most common cyber threats. 

For schools and Multi-Academy Trusts (MATs), Cyber Essentials provides a clear framework for improving cybersecurity practices and, importantly, demonstrates a commitment to data protection, safeguarding and regulatory compliance.

Why Cyber Essentials matters for schools and MATs

Cyber attacks on schools are becoming increasingly frequent and sophisticated; from phishing emails and malware to ransomware and unauthorised access, the threats are diverse and persistent. The impact of such attacks can range from significant disruption to learning to breaches of sensitive student data.

Achieving Cyber Essentials Certification helps schools mitigate those risks,  ensuring that essential technical controls are in place to defend against the most common cyber threats. 

For education settings that handle large volumes of personal data, including pupil records, safeguarding information and staff details, this degree of protection is critical.

Meanwhile, Cyber Essentials also helps schools meet their obligations under data protection laws – most notably UK GDPR. For school governors and compliance officers, it offers reassurance that the school’s approach to cybersecurity aligns with national standards and best practices.

What Cyber Essentials covers

The Cyber Essentials framework is built around five key technical controls that address the most common types of cyber attacks. These are:

Firewalls – Ensuring only safe and necessary network services are exposed to the internet

Secure configuration – Setting up systems securely to reduce vulnerabilities

User access control – Managing user privileges and access to data

Malware protection – Implementing security software to identify and block malicious code

Patch management – Keeping devices and software up to date to avoid known vulnerabilities

Such measures form the baseline for good cybersecurity hygiene. Schools that achieve Cyber Essentials are recognised for meeting this minimum standard and can use the certification to demonstrate due diligence to external stakeholders, including local authorities, parents and regulatory bodies.

The difference between Cyber Essentials and Cyber Essentials Plus

There are two levels of certification. The standard Cyber Essentials certification requires the school or MAT to complete a self-assessment questionnaire that is then reviewed by an external certifying body. This process verifies that the five key controls are in place.

Cyber Essentials Plus includes the same requirements but goes a step further with an independent technical audit. This involves a more in-depth assessment, including vulnerability scanning and testing to confirm that the controls are working effectively in practice.

For schools with more complex networks or a higher risk profile, Cyber Essentials Plus offers an added level of confidence.

How Computeam supports schools in achieving certification

At Computeam, we understand the specific security needs of educational institutions. Our Computeam Secure service includes support for Cyber Essentials as part of a broader approach to cybersecurity and compliance.

We begin with a detailed security audit to assess the current state of your IT systems. From there, we work with IT managers and leadership teams to identify gaps, recommend improvements and help implement the necessary controls. This can include:

• Network and device security checks

• Staff training on cybersecurity compliance and best practices through Learning Locker

• Implementation of secure access controls

• Advice on patching and endpoint protection

• Support with completing the certification process

Whether your school is pursuing Cyber Essentials for the first time or upgrading to Cyber Essentials Plus, Computeam provides the technical expertise and sector-specific knowledge to guide you through the process efficiently and confidently.