
Frequently Asked Questions

Questions have been split into the following categories
  1. Certification
  2. GDPR
  3. Toolbox and packs
  4. Workshops and Education
  5. Consultancy
  6. About Whitgift Security
If you can’t find the answer to your question, please contact us.

What are the common Questions about Certifications?

Q1

How long does it take to get a certificate?

 

That’s a ‘how long is a piece of string’ question! It depends on how quickly your organisation can gather the information needed and how close you are now to complying with the basic requirements of the standard. In principle, it could be completed within 2 working days, but some organisations take months to gather the information and become compliant.
I would expect to mark the certification within 2 working days of submission.

Q2

What is the self-assessment questionnaire?

 

Both Cyber Essentials and IASME Governance – industry-respected certifications – rely on the marking of a self-assessment questionnaire to be filled in by the organisation.
The questionnaire is a set of questions aimed at finding out how your organisation manages security. It will ask questions about, for example, how you manage the firewalls you have in place and your patching regime.
Some questions begin with a Yes/No element, but you are encouraged to add optional comments, and others require 2-3 sentences describing HOW you implement the security measure. This is required to ensure that the organisation has understood the question and is implementing an appropriate set of measures.
The Cyber Essentials questionnaire is a subset of the IASME Governance questions. There are about 60 questions in the Cyber Essentials Assessment and 150 for IASME Governance.
See the Certifications page for a copy of the questions.

Q3

What is the process to get Cyber Essentials or IASME Governance certificates?

 

The organisation answers questions about how security is managed within their organisation. The answers are submitted via a cloud-based portal.
A board member asserts that the questions have been answered honestly.
The questions are marked by an accredited assessor. Where there are issues with answers, you will be provided with comments on how to improve security to become compliant with the standard.
If you pass you will be sent the certificate and report via email.

Q4

What happens if I fail Cyber Essentials certification?

 

There are a number of reasons why organisations may fail – maybe there is simply insufficient information in the responses, or it may be that the organisation’s security is not up to standard.
Where an organisation has failed they will be provided with comments on the issues with some advice on what needs to be done to improve security.
Organisations have an opportunity to resubmit ONCE if they have failed. Resubmission must be within 2 weeks or a new certification fee must be paid.

Q5

What happens if I fail IASME Governance certification?

 

See previous answer.
If you have passed the Cyber Essentials certification questions you will get that certificate – even if you have failed the additional questions associated with IASME Governance.

Q6

How long are certificates valid for?

 

The Cyber Essentials certificate has no formal expiry date; however, you are recommended to update certification yearly. IASME Governance certificates are valid for 1 year.
Note that free Cyber Insurance is for 1 year from the date you passed the Cyber Essentials certificate.

Q7

Why would I want Cyber Essentials Plus or IASME Governance Audited?

 

These certificates are verified by an independent auditor, providing further proof that you are following the requirements of your chosen standard. Some organisations may require their supply chain to have an audited certificate to comply with their risk assessments.

Q8

Is there a timescale within which Cyber Essentials Plus or IASME Governance Audited has to be completed?

 

Yes. You need to complete Cyber Essentials Plus or IASME Governance Audited within 3 months of having achieved Cyber Essentials/IASME Governance self-assessment.

Q9

Can I go straight to the audited level?

 

No, you must pass Cyber Essentials or IASME Governance self-assessment before you start on the audited level.

Q10

Someone wants me to have a vulnerability scan. What is it?

 

A vulnerability scan is a technical audit of the systems that are in scope for Cyber Essentials.

Q11

Do I need a vulnerability scan for Cyber Essentials?

 

For Cyber Essentials a vulnerability scan is not required although other ‘Accreditation Bodies’ may require and charge for such a scan. However, this is not required by the Government and certification through IASME, without a vulnerability scan, is just as valid a Cyber Essentials assessment as any other.
For Cyber Essentials Plus a vulnerability scan is required.

Q12

Where can I use the certificate?

 

You can use your certificate on websites and on publicity material. There are guidelines you have to follow when using the branding.

Q13

Can anyone check that I have a certificate?

 

The National Cyber Security Centre Cyber Essentials Website has a list of all organisations who have a Cyber Security Certificate issued in the last 12 months.
The IASME Website has a list of all organisations who have an IASME Governance Certificate.

What are the common Questions about GDPR, Toolboxes & Packs?

Q14

What is GDPR?

 

General Data Protection Regulation (GDPR) is a new law that protects EU citizens’ personal data.
The UK’s Data Protection Act 2018 is the UK’s implementation of GDPR for use after Brexit.
The new regulations have tightened IT data security legal requirements and increased the potential for high fines. For a very high-level summary see link

Q15

Does my organisation have to worry about GDPR?

 

Probably. Businesses, charities, sole traders, start ups – any operation holding personal data or offering services or goods to people or businesses in the EU is required to comply.
Remember – the contact data for your clients, employees and suppliers all counts as personal data.

Q16

Can I see a sample of the documents in the toolbox?

 

Yes, contact us, and we can discuss your requirements and send you an example.

Q17

Can I pick and choose documents from the document packs?

 

Contact us for a discussion about your requirements.

Q18

Can the documents be used in support of compliance with other data privacy legislation?

 

Documentation packs and toolbox could be used in preparation for compliance with privacy legislation with similar underlying principles to GDPR.

What are the common Questions about Workshops and Training?

Q19

Where do you run workshops?

 

There are currently no public workshops planned. If you are interested in a public session contact us to express interest.

Q20

Can you create me a customised workshop?

 

All workshops are customisable to meet an organisation’s specific needs.

Q21

How many people will attend workshops and training sessions?

 

I would recommend that the optimal size for a workshop is 10-12 people, or for a training session 15-20. This gives an opportunity for all to be involved in discussions with the ability to cover questions of interest to the participants.

Q22

Who are the Workshops intended for?

 

The Workshops are intended for leadership and management teams, so that they understand issues and the things they need to think about for their organisation’s security.
Cyber Security is a balance of risk, threat and resources, with many ways issues can be addressed and solved at many different cost points.
Security Awareness Training sessions are intended for anyone in the organisation (or people in their supply chain) who ever accesses or uses the organisation’s network (including personal/out-of-office devices).

What are the common Questions about Consultancy?

Q23

Do I have to choose one of the defined services?

 

No. We can be very flexible in supporting your needs. Call us for a conversation about how we can help.

Q24

Will you come to us?

 

Probably. It depends on location, and the level of consultancy that you need. Call.

Q25

Can I ask for Whitgift Security to solve a one-off problem?

 

Yes, we would be happy to do that.

What are the common Questions about Whitgift Security?

Q26

How will you use/store/share my data?

 

Please see our Privacy Statement and Terms and Conditions, and/or contact us.

Get in Touch

Let Whitgift Security help you secure your online business now
Contact us