Skip to content


What is the Cyber Essentials Pre-Assessment (CEP-A)?

The Cyber Essentials Pre-Assessment is an evaluation of your current cyber security posture and will get you prepared for whatever the next step on your cyber security journey is. 

How does it fit into my grant?

Cyber Essentials Pre-Assessment is a part of each DigitalBoost Development Grant awarded. It is included courtesy of the Scottish Government in an effort to upskill Scottish organisations and prevent attacks on organisations who are receiving these grants.  The Cyber Essentials Pre-Assessment will prove useful in spreading knowledge about cyber security essentials, and how you can improve on your organisation’s current security.

Who is involved?

Scottish Business Resilience Centre will be leading this part of the grant package and utilising their Trusted Partner network.

SBRC is a respected voice in business resilience, bringing together the Scottish Government, Police Scotland, Scottish Fire & Rescue Service, and the Scottish business community. The vision of SBRC is to be the catalyst that makes Scotland one of the safest and most resilient places to live, work, and do business, both on and offline.

This ‘Trusted Partners’ initiative, endorsed by our partners in Police Scotland, has developed into a network of independent companies focused on promoting continuous improvement in cyber resilience across all sectors in Scotland and supports the Scottish Government’s Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland.

The IASME Consortium is the National Cyber Security Centre (NCSC) industry partner responsible for the operational delivery of the Cyber Essentials scheme in the UK. It has trained a number of qualified cyber security companies (Certifying Bodies) who will be able to help you understand basic cyber assessment questions, how they relate to your company and what steps you need to take in order to protect your organisation.

SBRC has worked with Cyber Essentials Certifying Bodies based and operating in Scotland to support organisations, both small and large, to focus on cyber hygiene and achieve Cyber Essentials or Cyber Essentials Plus, the Government backed baseline standard accreditation in cyber security.

Do I have to do it?

All recipients of DBDG must undertake a Cyber Essentials Pre-Assessment via Scottish Business Resilience Centre (SBRC) and complete all associated training within 3 months from the date of Trusted Partner allocation

How much does it cost?

The fee for this is £800 plus VAT and will be covered retrospectively by this grant. On confirmation of receiving the Digital Boost Development Grant, SBRC will invoice you this fee. This invoice is issued on 28 days payment terms. Once paid, you will need to submit proof of payment in a form of a bank statement to Digital Boost through the Development Grant portal and they will reimburse you within 5 working days of verification of submitted evidence.

What do I need to do?

Following payment, you will be introduced to the Trusted Partner who will take you through the practical CEP-A process. They will reach out to you with a self assessment questionnaire for you to complete, give you guidance on completing it and set up a call if necessary to answer any questions.
It is vital at this step to ensure the key people involved in managing the IT in your organisation are supplying the answers. 

What are the timeframes?

You will have up to 3 months to complete the Cyber Essentials Pre-Assessment with your allocated Trusted Partner. Upon allocation, SBRC will confirm your individual completion deadline via email. The process does not have a quick turnaround and can take place over a number of weeks. This is due to the thorough details Trusted Partners will need to ascertain from you, and also from the number of companies that will be going through this assessment at the same time.

If you are worried that you haven’t heard anything for a number of weeks, feel free to email [email protected], however, this is a normal time frame.

Will this be invasive into my organisations day-to-day operations?

No, absolutely not.  The CEP-A is conducted virtually and there is no need for the Trusted Partner to visit your organisation’s premises.  The Trusted Partner will be sure to check through everything with you before they begin their assessment and ensure they do not get in the way of your day-to-day operations.

What are the benefits?

Cyber Essentials is the basic recommended cyber security accreditation the government recommends every organisation have. By going through the Cyber Essentials Pre-Assessment, we will prepare you for applying for this; analyse where you are strong, weak, and what you can work on to make your organisation secure. The Cyber Essentials Pre-Assessment will also be a knowledge sharing exercise where we will share some key tips to ensure a secure organisation including all the available options to you in case of emergency.

By the end of the Cyber Essentials Pre-Assessment, you will be aware of how secure your organisation is, and how to strengthen it.

What do I get at the end?

By the end of the assessment, you will receive a gap analysis report detailing the strengths and weaknesses of your current cyber security systems, and areas you will need to put more work into to get ready if you are going to pursue the Cyber Essentials accreditation. You will also understand what resources are available for you to use, and any questions around cyber security will be answered.

So, tell me the full process from start to finish…

If you are successful in your grant application, you will receive an email from Digital Boost informing you of your success. SBRC will invoice you £800 (plus VAT) for the CEP-A. Once you have paid this invoice, you will need to submit proof of payment in form of a bank statement to Digital Boost and they will reimburse you within 5 working days.

Once paid, you will now be introduced to the Trusted Partner who will take you through the practical CEP-A process. They will reach out to you with a self- assessment questionnaire for you to complete and return. It is vital at this step to ensure the key people involved in managing the IT in your organisation are supplying the answers.

On completion, the Trusted Partner will pull together a gap analysis report. This report will assess your current cyber security in relation to the recommendations as set out in the Cyber Essentials accreditation. What you do with this report will be up to you. 

Following from this we will reach out to you to confirm you have now completed the Cyber Essential Pre-Assessment. We will also issue a Signposting Document containing handpicked guides and services from sources across the cyber security spectrum.

Is there anything else I need to do?

What you do next in your cyber journey is up to you. However, actioning the results from your gap analysis should be top of your list.

Where can I make further enquiries

Please direct enquiries to:  [email protected] or reach out through our websites chat function.