Fordway Managed Services

CIS and Cyber Essentials Plus    

How can you show that your organisation follows best IT practices? We can help...

AWS Logo

If your organisation needs to be able to prove it follows good IT Security practices, and wants to provide services to the UK Public Sector you need to prove your organisations’ security capability meets Cyber Essentials PLUS.

As part of this we also recommend aligning your security practices with CIS Controls to ensure effective security. By following our advice and defined process, and implementing the necessary tools and capabilities we will guarantee Cyber Essentials PLUS certification.

Download the full CIS and Cyber Essentials Plus Certification

What are Cyber Essentials?

Cyber Essentials is a UK government endorsed initiative operated by the NCSC National Cyber Security Centre. It describes 5 key technical controls that organisations should put in place to help prevent cybercrime and is designed to be simple and easy to operate for businesses. The 5 technical controls include boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management.


What are CIS Controls?

The Centre for Internet Security (CIS) Critical Security Controls are a set of 20 reccomended actions that provide specific and actionable ways to stop many of today’s most pervasive and dangerous cyber-attacks. The principal benefit of these controls is that they focus on and prioritise a small number of actions that provide the highest payoffs for security.

As well as achieving your Cyber Essentials Plus Certification, here are some other benefits you can expect…

End to End Organisation Security

Use the Fordway expertise and knowledge of providing comprehensive, tailored security solutions to enhance security and protection and manage cyber risk.

Comprehensive Security Assessment

Fordway will perform a detailed analysis against the existing security measures and portfolio and where real benefits can be gained.

Proactive Implementation

Fordway’s knowledge can turn reactive, knee jerk reactions to security breaches into a proactive, automated policy and risk-based response that ensures all threats are dealt with in a professional manner.

Detailed knowledge of Security Management Tools

Fordway have extensive knowledge of the Defender and Sentinel tools, and how to integrate them with other complimentary Microsoft products, including Azure Lighthouse, Monitor and Arc. These will be configured to deliver the necessary statistics and dashboard for each organisation.


Fordway will provide independent feedback on the benefits and limitations of security platforms and align with other products if necessary.

Clear Recommendations

Fordway will produce a set of costed recommendations and options on how to get the best security solution out of the licences your organisation already owns and how to migrate any systems over. 

Fordway offers over 30 years of experience advising and delivering IT infrastructure and IT service delivery change to complex enterprises.

Foldaway’s consultancy can help inform your strategy and review the options relevant for your organisation with advice aligned to your business requirements.

We Simplify Complexity

There are three stages in the lifecycle of a security programme…

Understanding and testing the current environment and undertaking a risk analysis

This will help us to understand what improvements are needed and where to meet the Cyber Essentials PLUS standard. This stage is undertaken by Fordway’s Security Consultants and Analysts.

Ensuring compliance with CIS controls and preparing for the Cyber Essentials Plus audit

The second stage is the remediation of any identified vulnerabilities and implementation of required capabilities, processes and security tools to ensure compliance with the CIS controls and ensuring your orgasnisation is prepared for and capable of passing the Cyber Essentials Plus audit. This stage can either be undertaken in house or assisted by the Fordway team.

24x7 monitoring, reporting and analysis

The third stage is 24×7 monitoring, reporting and analysis to identify ongoing security issues with continual improvement of your security posture and processes. This can either be run in house or by Fordway’s 24×7 Security Monitoring and Operations service which provides a manned 24×7 Security Operations Centre for clients.

Download the full CIS and Cyber Essentials Plus Service Description

Cyber Essentials Plus FAQs

What does the service provide?

Fordway’s AWS Assessment service reviews all or defined subsets of an organisations’ current AWS environment to identify where cost savings and efficiency gains can be made from optimising environment.  Examples of the elements we review are the following: 

  • Check for appropriate EC2 instance family selection and sizing for assigned instance workload 
  • Performance analysis of servers and storage to ensure that data is on appropriate storage tier 
  • Review VPC configuration and inter-VPC routing and security 
  • Understand access, authentication and management for operations staff and users 
  • Identify transaction based PaaS services, current charging tiers and validity 
  • Understand server and environment workload patterns to review automation, scaling and suspend/shutdown options 


What are Cyber Essentials?

Cyber Essentials is a UK government endorsed initiative operated by the NCSC National Cyber Security Centre.

What does the service provide?

Phase 1: Cloud Security Baseline – please see separate Service Description for greater detail

  • Discovery & Inventory of hardware & software assets

  • Business Environment Assessment

  • Security & Risk Governance Assessment

  • Overall Risk Assessment

  • Risk Assessment Report

  • Security scan and optional 3rd party penetration test

    Phase 2: Cloud Security Improvement to meet Cyber Essentials

  • Phase 1 Cloud Security Baseline is a prerequisite of Phase 2

  • Fordway will design, implement and configure the tools, processes and reports needed to implement CIS CSS controls appropriate to your organisation and to ensure you meet all the requirements of Cyber Essentials and are ready to undertake the external Cyber Essentials PLUS audit

  • Where absent Fordway will help implement continuous monitoring and improvement of your security posture through real-time event analysis and security incident reporting via Azure Log Analytics data collection and Azure Sentinel analysis and dashboard for historical events & real time updates

Do I need Cyber Essentials to bid for a Government contract?


Is it necessary to first obtain Cyber Essentials before gaining Cyber Essentials Plus?


How are Cyber Essentials verified?


How long does it take to get certified?


How can I order this service?

Fordway’s services can be ordered by contacting your Fordway account manager or other members of our team on 01483 528200, emailing sales@ or using the contact form on

Let’s discuss your IT needs

Speak to a member of our team today. Our team are here to help if you have any questions about gaining your CIS and Cyber Security Plus certification. We focus 100% on delivering true value for our customers.