Cyber Essentials is more than a certificate. It shows funders, clients and partners that you’re serious about protecting data and reducing risk. For charities it can unlock grants, for manufacturers it can keep supply chains open, and for professional services it’s often the difference between winning or losing work.At Andisa, we’ve built a proven path to certification. The only question is how you want to get there: a one-off project or an ongoing managed service.
The One-Off Project Approach
For some organisations, a project-based approach fits best.We start with a survey of your IT security maturity, based on IASME’s current questions. From there we confirm how many consultancy days are needed, then guide you through policies, security tools, installation, and finally the IASME questionnaire in your name.Case study: A Yorkshire CathedralWith 150 users and many volunteers using their own devices, the Cathedral needed Cyber Essentials to reassure donors. As a grant-funded organisation, they chose a one-off project. It worked — but each year brings the same challenge again.
Advantages:
Disadvantages:
The Ongoing Subscription Approach
For our Managed IT Support clients, we offer Cyber Essentials as part of a monthly subscription — typically around £100 per device per year (e.g. £200 a month for a 25-device organisation).Because we already manage your IT, the cost is lower than repeating one-off projects. And if certification fails, we pay the second application fee.
Case study: A Loss Adjuster
With ten internal staff and a network of contractors, compliance wasn’t just a tick-box — it was critical for winning work. With our subscription, certification is now part of day-to-day IT management, not a once-a-year scramble.
Case study: A Harrogate Manufacturing Client
With 25 devices, this client benefits from our regular engineer walk-arounds. Cyber training for staff is delivered alongside technical checks, embedding security as culture, not paperwork.
By adding our trusted product stack
Heimdal (for antivirus, patching, encryption, and spam filtering), Intune for device management, Entra for conditional access, Unifi networking with automated firmware updates, and Hornet and Dropsuite cloud backups — clients make compliance far simpler and more reliable. For most of our Managed IT Support clients, these tools are already in place as part of their service. Where they aren’t, we’ll recommend them, because together with our consultancy they create a proven, near-guaranteed path to certification.
Advantages:
Disadvantages:
Both approaches at a glance
One off consultancy
Cost
£2k+ & application fee each year
Commitment
Project Only
Certification Risk
Continued cost as certification needs change
Culture
Once-a-year tick-box
Predictability
Annual spikes
Product Stack
Separate consultancy installs and configures tools
Ongoing Subscription
Cost
~£100 per device per year, monthly
Commitment
Continuous, part of support
Certification Risk
We cover all application fees
Culture
Embedded training, board-level review & best practice
Predictability
Smooth, fixed, monthly
Product Stack
Most clients already have our trusted stack in place; recommended for near-guaranteed compliance
Which Route Is Right for You?
If you simply need to tick the compliance box this year, the one-off project works.But if you want certainty, predictability, and peace of mind — where certification is just part of how your business runs — our ongoing subscription is the smarter choice.
