Cyber Advisor (Cyber Essentials) Implementation
The ‘Certificate of Competence in Cyber Essentials Implementation’ assessment assures businesses that the holder is competent to advise on and implement the requirements of the Cyber Essentials scheme and the value of certification.
This certification is endorsed by the NCSC and is managed to their high standards.
For more details on the assessment criteria, knowledge skills and behaviours required and the duties of a Cyber Advisor, please click here.
Assessment Process, Preparation and Rules
Prepare for the assessment
All Applicants are responsible for ensuring they are ready for the assessment. Prospective Applicants should self-assess against these requirements and only book the assessment once they meet them. Applicants should understand:
- The duties, knowledge, skills, behaviours and assessment criteria required of the Advisor; details can be found in the Cyber Advisor Scheme Standard here.
- The NCSC Cyber Essentials: Requirements for IT Infrastructure Document found here. This document is the authoritative guide to the requirements for Cyber Essentials.
The Cyber Scheme has taken steps to reduce the possibility of cheating or gaming in the assessments; however, we still rely upon the ethical behaviour of professionals who have undergone an assessment to support the protection and privacy of the content.
Applicants who undertake the assessment will be bound by The Cyber Scheme’s terms and conditions and non disclosure agreement. any disclosure of information about the content of assessment centres will be considered in direct violation of those terms.
Applicants requiring reasonable adjustments must inform The Cyber Scheme at the time of booking. Applicants may be asked to consider alternative assessment dates to ensure the reasonable adjustments can be implemented appropriately.
Before the Assessment
Applicants will be sent a detailed set of joining instructions approximately two weeks before the exam date. They can also be found here. These instructions include what to bring, ID requirements and more – please make sure you read these instructions before attending the exam.
The objective of the assessment is to ensure that Applicants have the necessary competence to perform the duties of the Advisor.
Applicants will be presented with real-life scenarios (see Appendix A) and will be required to understand the organisation and any issues they may have in achieving compliance with the Cyber Essentials controls. During the assessment, Applicants may be asked to:
- Present findings.
- Present options.
- Plan implementation activities.
- Work with customers or their representatives.
- Implement solutions.
Throughout the process, Assessors will observe Applicants; Assessors will note the Applicant’s responses to the requirements. To ensure fairness of the assessment, Assessors will be provided with reference material to assess against.
You will be assessed on the three main aspects of being a Cyber Advisor:
- Your technical knowledge of the standard.
- Applying that technical knowledge to practical applications.
- Consulting skills.
The assessment is set to assess these points as follows:
- Multiple-choice questions, designed to test the knowledge of the Cyber Essentials standard.
- Short form written answers that affirm further knowledge of the standard, and also test practical implementation of the requirements.
- A discussion session with an assessor playing the role of the customer. This is designed to test the Candidate’s consulting skills.
The assessment will be based on a single business scenario throughout.
To pass, candidates must:
- Pass the multiple-choice section of the assessment with a minimum score of 80%. Failing the multiple-choice questions will result in an overall failure of the assessment centre.
- Pass the short form written answers and the discussion section with a combined average score of 75%.
Tips for Success
For various reasons we are seeing candidates sit this exam inadequately prepared for their assessment; as a result, we are seeing some common but avoidable errors. Please read the advice below to maximise your chance of passing the assessment.
- Read the questions thoroughly.
The multiple-choice and the short-form questions are separate and different questions. Many candidates appear to be writing longer answers for the multiple-choice question and ignoring the short form question.
- One of the elements we are testing in the short-form questions is the ability of the candidate to address in writing the technical aspects of Cyber Essentials to a specific audience.
One common error we are seeing is candidates using technical terminology which a non-technical business owner will not understand or be able to action. Another mistake is to just recite the standard without making appropriate and manageable suggestions for improvements. We are looking for you to interpret the standard and make it relevant to the scenario. Short-form answers should be written as though you are addressing the customer described in the scenario.
- Treat the final section as a true discussion between you and a customer, not a question and answer session between you and your assessor. Treat it as you would a customer meeting, where you may need to clarify points from a previous session, explain the contents of a report, and most importantly ensure your response matches the level of your customer’s understanding.
During your assessment, you will be given a Business Scenario designed to reflect a typical consulting assignment. This will include background information about a business which you will need to evaluate and react to, as you would when working within a real company. For an example of the sort of scenario you might be given, please click on the button below.