Cyber Essentials
Annual Renewal Support
Your Cyber Essentials certificate expires every twelve months. This engagement reviews your environment for changes since last certification, prepares your renewal questionnaire, and supports submission — so the certificate stays current without the effort of a full programme.
A lapsed certificate is the same as no certificate — and it happens without warning.
Cyber Essentials certificates are valid for twelve months from the date of issue. They do not auto-renew. They expire quietly, with no reminder from IASME unless you have set one up yourself. For a law firm with a Legal Aid Agency contract, an expired certificate means a breach of contractual obligations. For a firm supplying a public sector client, it means being unable to demonstrate compliance at the next audit. For an organisation whose insurer asks for the certificate at renewal, it means an awkward conversation.
Renewal is not simply a matter of resubmitting the same questionnaire. Your IT environment has changed since last year — new devices, new cloud services, new staff, possibly a new Microsoft 365 configuration. The renewal questionnaire must reflect your current environment, and if changes have introduced gaps against the five Cyber Essentials controls, those gaps need to be identified and closed before submission.
This engagement handles the review, identifies any changes that affect your compliance position, addresses minor gaps within the flat fee, and supports the renewal submission — so renewal is a defined, managed process rather than a last-minute scramble.
The renewal timeline — what should happen each year
Contact Konve IT
Initiate the renewal engagement two months before your certificate expires. Allows time for the environment review, any minor remediation, and submission without deadline pressure.
Environment review and questionnaire preparation
Konve IT reviews changes since last certification, identifies any gaps, addresses minor issues, and prepares the renewal questionnaire responses.
Supported submission
Renewal questionnaire submitted to IASME with your board signatory declaration. Certificate issued on successful assessment.
Certificate renewed
New certificate valid for a further twelve months. Diarise next renewal for month ten of the new certificate.
Review, prepare, submit. Everything in the flat fee.
The renewal engagement is deliberately lean. It does not repeat the full programme. It focuses on what has changed since last certification and ensures the renewal submission accurately reflects your current environment.
Environment Change Review
A review of material changes to your IT environment since the previous certification — new devices, new cloud services, new or changed user accounts, changes to Microsoft 365 configuration, changes to your network or firewall configuration. Any change that might affect your compliance position is identified and assessed. This is not a full gap assessment — it is a targeted review of what has changed and whether those changes introduce any compliance risk. Minor configuration gaps identified during the review are addressed within the flat fee. Significant remediation work that goes beyond the scope of a renewal review is subject to a written change order and additional fee before work commences.
Renewal Questionnaire Preparation and Submission
Preparation of the IASME renewal self-assessment questionnaire responses, reflecting your current environment following the change review. Review with your nominated technical contact before submission. Coordination of the board signatory declaration required by IASME — a director, partner, or equivalent must countersign the submission. Supported submission to the IASME certification body. Where the initial submission is queried by the assessor or referred back, Konve IT will support one resubmission within fourteen days of the query at no additional charge.
A renewed certificate. Nothing more complicated than that.
The renewal engagement does not produce a written report. The deliverable is the renewed certificate. The engagement is complete when it has been issued.
Renewed Cyber Essentials Certificate
Issued by the IASME-licensed certification body and forwarded to you on receipt. Valid for twelve months from the date of issue. The IASME renewal certification fee is not included in the Konve IT preparation fee and is payable directly by you — Konve IT will confirm the applicable fee for your organisation size when the engagement commences. Typical renewal fees: £320 + VAT for organisations of up to 9 users, £440 + VAT for 10 to 49 users.
Supported Submission Process
The questionnaire reviewed, your board signatory coordinated, and the submission made with Konve IT support — not by your practice manager working from last year's answers and hoping nothing has changed. Single resubmission support included within fourteen days of any assessor query, at no additional charge.
The renewal engagement is scoped for an organisation whose environment has not materially changed since last certification. Significant changes require additional work.
- The IASME renewal certification fee — payable directly by you
- Significant remediation arising from material IT environment changes — subject to a written change order
- More than one resubmission following an initial assessor query
- Initial Cyber Essentials certification — available under the Full Programme
- Cyber Essentials Plus renewal — available under a separate engagement
- Any work outside the scope of supporting the annual renewal submission
One flat fee. No per-user component.
Unlike most Konve IT services, the renewal fee does not vary by organisation size. The work involved in a renewal engagement — environment change review, questionnaire preparation, and supported submission — is broadly consistent regardless of headcount.
Cyber Essentials Annual Renewal Support
- Review of IT environment changes since previous certification — devices, cloud services, accounts, and configuration
- Minor configuration remediation within the scope of the renewal review, at no additional charge
- IASME renewal questionnaire preparation and review with your nominated contact
- Board signatory declaration coordination
- Supported submission to the IASME certification body
- Single resubmission support within 14 days of any assessor query, at no additional charge
Contact Konve IT two months before your certificate expires.
The renewal engagement is short but it needs enough time to complete properly. Initiating it two months before expiry allows for the environment review, any minor remediation, questionnaire preparation, submission, and any assessor queries — without deadline pressure. Do not leave it until the month of expiry.
Complete the onboarding form
Download and complete the Konve IT Client Onboarding Form. If already submitted for a previous engagement, you do not need to complete it again — simply provide your updated certificate details.
Complete the service questionnaire
Download and complete the Cyber Essentials Questionnaire, selecting the Annual Renewal. Captures your existing certificate reference and expiry date, and any material IT environment changes since last certification.
Review and sign the Statement of Work
Konve IT issues a Statement of Work within two working days. On signature and payment of the £350 + VAT fee, the engagement commences. Certificate renewal is typically completed within three to four weeks of commencement.