If you fail the Cyber Essentials assessment, the Certification Body will provide feedback on the areas that need improvement. Here’s what typically happens:
- Receive Feedback:
- The Certification Body will give you detailed feedback outlining the specific areas where your organization did not meet the requirements. This feedback will highlight the gaps and provide guidance on what needs to be addressed.
- Address Issues:
- You will need to work on addressing the identified issues. This may involve implementing additional security measures, reconfiguring existing controls, or updating policies and procedures.
- Resubmit Application:
- Once you have addressed the issues, you can resubmit your application for re-assessment. It is important to ensure that all identified gaps have been thoroughly resolved before resubmitting.
- Re-Assessment:
- The Certification Body will review your resubmitted application to verify that the necessary improvements have been made. This process may involve a complete reassessment or a focused review of the previously failed areas.
- Potential Additional Costs:
- Be aware that some Certification Bodies may charge additional fees for the re-assessment process. It is advisable to check with your chosen Certification Body regarding their specific policies on re-assessment fees.
For Cyber Essentials Plus, the process is similar, but the feedback and re-assessment will include the practical verification aspects, such as vulnerability scanning and hands-on testing. Addressing the issues may involve more technical adjustments and possibly another round of testing to ensure compliance.
Engaging with a consultant or seeking expert advice can help you effectively address the identified issues and improve your chances of passing the re-assessment.
