How quickly can I get Cyber Essentials certified?

Fig Group guarantees Cyber Essentials certification within 6 hours of self-assessment submission for orders placed before midday, provided the submission is compliant. If corrections are needed, up to three rounds of structured feedback are included at no extra cost. Cyber Essentials Plus takes 1-3 working days due to the external technical verification requirement.

How much does Cyber Essentials cost?

Cyber Essentials costs from £299.99 + VAT (micro, 1-9 employees) to £549.99 + VAT (large, 250+ employees). Cyber Essentials Plus costs from £1,499 + VAT to £4,499 + VAT. Fig Group pricing is fully inclusive - no hidden fees, no revenue-based quoting, no mandatory add-ons.

Is Cyber Essentials mandatory?

Cyber Essentials is required under PPN 014/21 for certain UK central-government contracts handling sensitive or personal data. It is also increasingly required by NHS supplier frameworks, local authorities, regulated financial-services counterparties and private-sector enterprise procurement teams as the baseline evidence of foundational cybersecurity.

What is the difference between Cyber Essentials and Cyber Essentials Plus?

Cyber Essentials is a self-assessed questionnaire reviewed by an IASME-licensed assessor. Cyber Essentials Plus adds an external vulnerability scan and a sampled technical audit of end-user devices, independently verifying that the five controls are operating in practice. Both certifications are valid for 12 months and carry the same NCSC badge.

London Sector Hub

Cyber Essentials for SJP Partner Practices St James's Place Partnership Compliance

Fig Group certifies St James's Place Partner Practices across London and the UK on a published flat fee with a six-hour turnaround for compliant submissions. We have certified practices of every size - single-Partner practices, regional hubs, and the larger network partnerships - and understand the specific technology environment the SJP Partnership runs on.

View pricing Speak to the team

SJP's Partner-wide cyber essentials mandate means every Partner Practice - from single-Partner setups to large network partnerships - now needs IASME-licensed certification on an annual renewal cycle. Fig Group has certified Partner Practices of every size. We apply the same flat published fee, the same six-hour turnaround, and the same three free feedback rounds across the network.

The SJP mandate in practice

St James's Place has historically operated one of the largest restricted-advice partnerships in the UK, with an internal technology stack that Partner Practices are expected to align to. The cyber essentials mandate applies across the Partnership - meaning certification is not optional for any practice that wants to continue transacting through the SJP platform. For many smaller practices this represents the first formal cyber certification they have pursued, and the scoping questions can be unfamiliar.

Typical Partner Practice scope: partner and adviser workstations, Practice staff workstations, the Practice mail environment, any client-data files stored locally or in practice-managed cloud storage, the Practice network (router, firewall, wireless access points), and the mobile devices used for client meetings. The SJP-managed systems (Salesforce Financial Services Cloud, Panacea, the internal Partnership portal) typically sit outside the Practice's own Cyber Essentials scope because the Partnership operates those platforms centrally - but any device used to access them is in scope.

Cyber Essentials vs Cyber Essentials Plus for Partner Practices

Cyber Essentials (self-assessed) is the level the mandate currently requires for the majority of Partner Practices. A minority of larger practices - or those with bespoke infrastructure outside the standard Partnership-issued estate - need Cyber Essentials Plus, which adds an external vulnerability scan and a technical audit. Fig Group's published fee for Cyber Essentials Micro (1-9 employees) is £299.99 + VAT, which covers the majority of sole-Partner and small-Practice setups. Practices with 10-49 staff pay £399.99 + VAT; 50-249 staff pay £449.99 + VAT.

For Partner Practices considering Plus, the uplift is meaningful but still transparent: £1,499 + VAT at Micro, £1,999 + VAT at Small. No revenue-based pricing, no hidden fees, no mandatory consultancy add-ons. Every Plus engagement includes the external scan and the sampled endpoint audit as standard.

How Fig Group works with Partner Practices

We run the entire engagement remotely for the majority of Partner Practices. Scoping is a thirty-minute call where we identify in-scope assets and resolve the Partnership-vs-Practice boundary. Submission runs through our portal. Three review rounds are included at no extra cost. Certification for compliant submissions is issued within six hours.

For Practices based in central London who would prefer an in-person scoping session, our office at 167-169 Great Portland Street is a short walk from Oxford Circus - convenient for Partner Practices in the West End corridor. We also support multi-Partner group engagements where a network hub wants to run multiple Partner Practices through certification on a single timeline.

6-hour guarantee

Issued within six hours of a compliant submission.

From £299.99 + VAT

Published flat fee. Never quoted on revenue.

IASME licensed

Authorised certification body for CE and CE Plus.

3 free reviews

Included if remediation is needed.

Where SJP Partner Practices concentrate in London

Fig Group certifies organisations across every London borough. These boroughs are the main clusters for sjp partner practices:

Westminster City of London Wandsworth

SJP Partner Practices: Frequently asked questions

Ready to certify your sjp partner practices organisation?

Six-hour guarantee for compliant submissions. Three free review rounds. Published flat fee from £299.99 + VAT.

View pricing Ask a question

Speak to the team

Tell us about your sjp partner practices organisation and we will come back with a fixed price and a target certification date.