We are pleased to announce that we have retained our Cyber Essentials and Cyber Essentials Plus accreditation for the fourth year in a row. As a multi-award-winning consultancy, in 2025 and beyond, we continue our commitment to having the right security measures in place to protect our clients and ourselves against cyber threats.

What are Cyber Essentials and Cyber Essentials Plus? 

Cyber Essentials is a globally recognised, UK Government-backed scheme that helps businesses safeguard themselves against the most common cyber attacks. Additionally, Cyber Essentials Plus carries out a more stringent evaluation of an organisation’s security measures, including vulnerability scanning and penetration testing.

Cyber Essentials focuses on five key areas: 

• Firewalls and internet gateways
• Secure configuration
• User access control
• Malware protection
• Patch management

Achieving this certification means that we have implemented robust fundamental controls and security measures that protect against 80% of common cyberattacks.

Cyber Essentials Plus takes things a step further. It includes everything in the standard Cyber Essentials certification, with the added layer of independent assessment and technical verification: 

• External vulnerability scanning
• On-site or remote testing of systems
• Verification of device and endpoint security

Cyber Essentials Plus is the gold standard for demonstrating proactive cyber protection and effectiveness in real-life conditions.

By retaining our Cyber Essentials Plus certification, we have continually proven that we have the right robust security controls in place, giving our clients, partners and community a continued peace of mind.

How did we achieve this? 

To achieve Cyber Essentials Plus, we put our systems through their paces with rigorous testing and validation. This included thorough checks across our MDM suite, ensuring automation for deployments, software updates, and security patches were fully operational and in sync.

We reviewed and hardened authentication protocols, carried out penetration testing on our website, and confirmed that our antivirus protection is watertight across all endpoints. Our firewall configurations underwent extensive scrutiny, including port scanning and external access control.

We also validated secure user access policies, role-based permissions, and multi-factor authentication (MFA) enforcement to meet the highest compliance benchmarks. 

Why should this matter to you?

For all our clients, our dual Cyber Essentials certifications reinforce a key message that your organisation can trust us to take your data, systems, and security seriously.

It also means we’re able to: 

• Accelerate onboarding for projects that require security compliance 
• Reduce supply chain risk for our partners 
• Support procurement teams with demonstrable assurance 
• Lead change confidently in cyber-sensitive transformation programmes 

How do WE within Perform enforce this? 

We believe that cybersecurity is everyone’s responsibility. These certifications are part of a broader cultural approach. Security is not just the job of IT; it’s embedded across our teams, practices, and delivery mindset. From Change Squads on the ground to leadership decision-making, we uphold the principles of good cyber hygiene. 

We take a proactive, not a reactive role with: 

• Security-First Mindset Across Roles: Everyone receives security onboarding and understands the part they play in safeguarding client data. It’s baked into project planning, delivery frameworks, and retrospectives. 

• Practical Policies and Real-World Training: We deliver regular training refreshers and run simulations to keep phishing awareness sharp. Role-based access is tightly controlled and regularly audited, and security updates are automated across all devices via our MDMs and patching infrastructure. 

• Default-Secure Configurations: MFA is enforced organisation-wide, firewall rules are routinely reviewed, and endpoint protection is standard across all machines. Devices are preconfigured to Perform’s hardened security profile, ensuring no one starts off on the wrong foot. 

• Built-In Governance: Governance at Perform is less about red tape and more about empowering everyone with secure defaults, smart tooling, and a shared responsibility to stay ahead of threats. 

A Foundation for secure change 

This milestone complements our broader commitment to delivering change with integrity, resilience, and care. As we continue to work with forward-thinking clients on cloud migration, digital transformation, and regulatory change, Cyber Essentials and Cyber Essentials Plus give all of us confidence that security is always front of mind. 

If you’d like to know more about our certifications or how we embed security into transformation delivery, let’s talk.