We're pleased to confirm that Elysium has achieved Cyber Essentials certification. This joins our existing ISO 27001:2022 (Information Security Management) and ISO 9001:2015 (Quality Management) accreditations.
What Cyber Essentials is
Cyber Essentials is a UK government-backed certification scheme managed by the National Cyber Security Centre (NCSC). It defines a baseline set of technical controls that organisations should have in place to defend against the most common internet-borne attacks - the kind that accounts for the majority of successful breaches.
The scheme is built around five control areas:
- Firewalls - boundary protection that controls which network services are exposed
- Secure configuration - systems configured to minimise unnecessary attack surface, default credentials removed
- User access control - least-privilege access, accounts limited to what they need
- Malware protection - defences against malicious code
- Patch management - software kept up to date, particularly for high-severity vulnerabilities
These aren't exotic controls. They're the fundamentals - and the research consistently shows that getting the fundamentals right blocks a large proportion of opportunistic attacks.
Why it matters alongside ISO 27001
ISO 27001 is a management system standard. It covers governance, risk management, policies, and processes. It demonstrates that an organisation has a structured, audited approach to information security.
Cyber Essentials is a technical controls standard. It verifies that specific protections are actually in place on real systems.
The two complement each other. ISO 27001 answers "do you have a framework for managing security?" - Cyber Essentials answers "are the right technical controls deployed and working?" Together they give a more complete picture than either alone.
What it means for clients
For clients in the public sector, Cyber Essentials has been a requirement for UK government contracts involving the handling of personal data or the provision of certain technical services since 2014. Holding the certification removes a procurement friction point and provides documented assurance.
For clients in regulated industries - financial services, health, insurance - it provides a recognised, independently assessed baseline they can point to when security posture comes up in due diligence or vendor assessments.
For everyone else, it's a signal that we hold our own infrastructure to the same standard we apply to the systems we build and manage for clients.
Our security posture
Security at Elysium isn't confined to a compliance checklist. It's built into how we work: ISO 27001-aligned controls embedded in CI/CD pipelines, sovereign UK-domiciled hosting that mitigates US CLOUD Act exposure, and a Level 6 Head of Infrastructure leading our security and DevOps practice.
Cyber Essentials is one more verifiable layer in that picture - one that clients can check directly on the NCSC-backed registry.
If security and compliance are requirements on your next project, get in touch.