Cyber Essentials Full Programme — Konve IT

Konve IT / Cyber Essentials

Three-phase programme  ·  Certification included  ·  Milestone payment

Cyber Essentials
Full Programme

From your current state to a valid Cyber Essentials certificate — gap assessment, technical remediation, and supported certification submission in a single coordinated programme. IASME certification fee included.

IASME certification fee included 30-day resubmission support included Compliance-aligned remediation
Get a quote How it works

Indicative Pricing

Base fee (up to 10 users) £1,400 Inclusive of IASME certification fee · excl. VAT
Per user above 10 — standard £55 / user
Per user above 10 — volume (25+) £50 / user 10% discount at 25+ users

Example: 20-user firm — £1,400 + (10 × £55) = £1,950 + VAT

Payment: 50% on commencement · 50% on Phase 2 completion

✓ IASME certification fee included
How the programme works

Three phases. One outcome.

The programme is structured so that the assessment informs the remediation, and the remediation is verified before the submission. No organisation submits for certification with Konve IT without knowing they are ready.

Phase 01 Gap Assessment

A structured assessment of your IT environment against all five Cyber Essentials controls.

  • Assessment of all in-scope devices — Windows, macOS, iOS, iPadOS, Android — against the five Cyber Essentials controls
  • Assessment of all cloud services in scope, including Microsoft 365 and all line-of-business SaaS platforms
  • Assessment of network configuration, firewall status, and remote worker connectivity
  • Assessment of user access control, MFA enforcement, and administrator account governance
  • Production of a Gap Assessment Report identifying every gap, its severity (Critical, High, or Advisory), and the specific remediation action required

Where a Cyber Essentials Readiness Assessment has been completed with Konve IT within the preceding six months, Phase 1 may be abbreviated to a review of changes since that assessment.

Phase 2 is scoped by Phase 1 — the remediation is targeted, not generic
Phase 02 Technical Remediation

Every gap identified in Phase 1, closed. Nothing remediated that does not need to be.

Remediation is scoped precisely by the Phase 1 findings. Konve IT does not apply a standard package regardless of your environment — the work is exactly what the assessment identified. Depending on the findings, remediation may include any or all of:

  • Microsoft 365 tenant hardening — MFA enforcement, Conditional Access, Defender activation, Purview configuration, email authentication
  • Device compliance enforcement via Intune — for clients on Business Premium where Intune has not been deployed
  • Firewall configuration remediation at boundary and device level
  • Endpoint protection configuration and coverage gap remediation
  • Patch management verification and remediation to the 14-day requirement
  • User account remediation — stale accounts, admin account separation, privilege level corrections

Where remediation work intersects with an existing Konve IT engagement — Microsoft 365 tenant deployment, Intune deployment, or tenant remediation — that work is not duplicated. The programme builds on what is already in place.

Phase 03 Certification

Supported submission through the IASME self-assessment process — with the certification fee included.

  • Preparation and review of the IASME self-assessment questionnaire responses — ensuring every answer accurately reflects the remediated environment
  • Supported submission to the IASME-licensed certification body
  • Liaison with the certification body assessor where clarification questions are raised
  • Certificate received by Konve IT on your behalf and forwarded to you on issue

The IASME certification fee — £440 + VAT for organisations of 10 to 49 users — is included within the programme fee and paid by Konve IT on your behalf at the point of submission. You do not receive a separate invoice for the certification fee.

Cyber Essentials is a self-assessed certification. The certification decision rests with the IASME-licensed certification body, not with Konve IT. Where the initial submission is referred back with assessor queries or requires resubmission, Konve IT will support the resubmission at no additional charge for a period of thirty days following first submission.

What you receive

Three written deliverables. One certificate.

Everything documented before, during, and after the programme. The Remediation Record is particularly important for regulated firms — it provides a dated, written record of your IT security posture and when it was last reviewed.

Gap Assessment Report

Produced at the end of Phase 1. Identifies every gap against the five Cyber Essentials controls, severity-rated and with the specific remediation action required. The basis for Phase 2 scope.

Remediation Record

Produced on completion of Phase 2. Documents every configuration change made, a before-and-after comparison for each control area, and a statement of alignment with Cyber Essentials controls following remediation. Suitable for regulatory review.

Cyber Essentials Certificate

Issued by the IASME-licensed certification body and forwarded to you on receipt. Valid for twelve months from the date of issue. The IASME certification fee is included in the programme fee — no separate invoice.

Who this is for

Organisations that need a Cyber Essentials certificate — not just an assessment.

The Full Programme is for organisations committed to achieving certification. If you need to understand your position before committing, the Readiness Assessment is the right starting point.

Situation 01

You hold a Legal Aid Agency contract and the October 2025 mandate applies to you.

The Legal Aid Agency mandated Cyber Essentials for all Standard Crime Contract holders from October 2025. If your certificate is not yet in place, the Full Programme is the fastest route to compliance — with the assessment, remediation, and certification delivered as a single coordinated engagement rather than three sequential ones.

Situation 02

A client, supplier, or insurer has made Cyber Essentials a condition of continuing the relationship.

Increasing numbers of public sector contracts, professional indemnity insurance policies, and supply chain requirements are conditioning continued engagement on Cyber Essentials certification. The Full Programme delivers the certificate within a defined and predictable timeframe.

Situation 03

You have completed a Readiness Assessment and know what needs to be fixed.

The Full Programme is the natural next step from the Readiness Assessment. Where an assessment has been completed with Konve IT within the preceding six months, Phase 1 of the Full Programme can be abbreviated — reducing both cost and elapsed time to certification.

Situation 04

You want to achieve Cyber Essentials as part of a broader IT security improvement programme.

The Full Programme integrates naturally with other Konve IT engagements. Microsoft 365 tenant deployment or remediation, Intune device enrolment, and email security hardening all contribute directly to the Cyber Essentials controls — work is not duplicated across engagements.

What this service does not include

Each of the following is available as a separate engagement or add-on.

  • Cyber Essentials Plus certification — available as a separate add-on
  • ISO 27001 readiness or ISMS design
  • Resubmission support beyond 30 days following first submission
  • Procurement of security software required to meet controls
  • Microsoft 365 tenant deployment or full remediation beyond CE controls
  • Helpdesk, end-user support, or break-fix
  • Ongoing management following certification
  • Annual renewal support — available as a separate pay-as-you-go engagement
Pricing

Base fee plus per-user above ten. Certification fee included.

The IASME certification fee — £440 + VAT for organisations of 10 to 49 users — is included within the programme fee. You do not receive a separate invoice. For organisations outside this size band, the applicable certification fee will be confirmed before the Statement of Work is issued.

Cyber Essentials Full Programme

Programme fee structure Incl. IASME cert fee · excl. VAT
Base feeIncludes up to 10 users · includes IASME certification fee £1,400
Per user above 10 — standard rate £55 / user
Per user above 10 — volume rateApplies where 25 or more users confirmed £50 / user
Example calculations Excl. VAT
10 users £1,400
20 users£1,400 + (10 × £55) £1,950
30 users — volume rate£1,400 + (20 × £50) £2,400
50 users — volume rate£1,400 + (40 × £50) £3,400
IASME certification fee included: The £440 + VAT IASME certification fee for organisations of 10–49 users is included within the base fee and paid by Konve IT on your behalf at submission. No separate invoice. For organisations outside this band, the applicable fee is confirmed before the Statement of Work is issued.

Payment Milestones

Milestone 1
On commencement
50%

Due before Phase 1 begins. Covers the gap assessment and Gap Assessment Report.

Milestone 2
On Phase 2 completion
50%

Due on completion of Phase 2 remediation and confirmation that the submission is ready. Includes the IASME certification fee paid by Konve IT at the point of submission.

All fees
Exclusive of VAT. Invoices payable within 14 days.

Need Cyber Essentials Plus?

Cyber Essentials Plus is the higher-assurance tier requiring an independent technical audit by an IASME-licensed assessor. It is increasingly required for public sector supply chain contracts and NHS suppliers. The Plus Preparation engagement prepares your environment and coordinates the audit — available as an add-on following this Full Programme, within the three-month IASME window.

£800 + VAT Flat fee · certification body fee additional View Plus Preparation
How to get started

Three steps from enquiry to a programme underway.

If you have already completed a Cyber Essentials Readiness Assessment with Konve IT within the past six months, contact us directly — the assessment findings will be used to scope Phase 1 without repeating the work.

01

Complete the onboarding form

Download and complete the Konve IT Client Onboarding Form. Captures your organisation details, contacts, regulatory context, and existing certifications.

02

Complete the service questionnaire

Download and complete the Cyber Essentials Questionnaire, selecting the Full Programme. Captures device inventory, cloud services, network configuration, and any known gaps or prior submission history.

03

Review and sign the Statement of Work

Konve IT reviews your responses and issues a Statement of Work within two working days. On signature and receipt of the first instalment, Phase 1 commences.

Get started Back to Konve IT Or write to it@konvegroup.com
Services that complement this programme
Cyber Essentials

Cyber Essentials Plus Preparation

The higher-assurance tier requiring an independent technical audit. Must be completed within three months of the standard certificate. £800 + VAT flat fee, certification body fee additional.

 Cyber Essentials

Annual Renewal Support

Cyber Essentials certificates expire annually. Renewal support covers the environment review, updated questionnaire preparation, and supported submission. £350 flat fee.

 Microsoft 365

Compliance-Aligned Tenant Remediation

Where Phase 1 identifies significant Microsoft 365 gaps, this engagement addresses them comprehensively — beyond the Cyber Essentials controls and against the full Konve IT security baseline.
Scroll to Top