We’re Now Cyber Essentials Plus Certified
We’re delighted to announce that we have achieved Cyber Essentials Plus certification. This is a significant milestone for our team and, most importantly, for the financial advisers and planners who trust us with their clients’ sensitive information. In this blog, we’ll explain what Cyber Essentials Plus is, why it matters, especially in the world of outsourced paraplanning, and what we had to do to earn this accreditation.
What is Cyber Essentials Plus?
Cyber Essentials Plus is a UK government-backed certification that demonstrates a company’s commitment to cybersecurity. It’s designed to help organisations protect themselves against the most common cyber threats. While the basic Cyber Essentials certification is a self-assessment, Cyber Essentials Plus goes a step further: it requires a rigorous, independent technical audit of our systems and processes.
Why does Cyber Essentials Plus matter for paraplanning?
As an outsourced paraplanning firm, we handle a huge amount of sensitive client data every day. Financial advisers and planners rely on us to keep this information safe, not just because it’s good practice, but because it’s a regulatory requirement. The Financial Conduct Authority (FCA) expects firms to have robust systems and controls in place to protect client data. Cyber Essentials Plus is a clear, independent signal that we take this responsibility seriously.
Not all outsourced paraplanning firms have this accreditation. In fact, it’s still relatively rare in our sector. By achieving Cyber Essentials Plus, we’re setting ourselves apart. It’s a mark of distinction and trustworthiness, something we know our clients value.
What makes Cyber Essentials Plus different?
There are two levels to the Cyber Essentials scheme:
- Cyber Essentials: This is a self-assessment. You review your own systems and confirm you meet the required standards. It provides a basic level of assurance.
- Cyber Essentials Plus: This is a step up. It involves a thorough, independent technical audit by a certified external assessor. This gives a much higher level of assurance, as your systems are tested in practice, not just on paper.
Cyber Essentials Plus provides a higher level of assurance because it involves an external technical audit, not just a self-assessment. This means an independent, certified body has tested our systems and confirmed that our cybersecurity measures are effective in practice.
The key benefits for you
By choosing a paraplanning partner with Cyber Essentials Plus, you benefit from:
- Enhanced protection against cyber threats: We’ve implemented robust technical controls to keep your data safe.
- Increased client confidence: You can reassure your clients that their information is in secure hands.
- Compliance with regulatory requirements: Our certification helps you meet your own obligations under FCA rules.
- Competitive advantage: You can differentiate your service by partnering with a firm that takes cybersecurity seriously.
What did we have to do to get certified?
Achieving Cyber Essentials Plus wasn’t a tick-box exercise. It required a thorough review and upgrade of our systems, processes, and team awareness. Here’s a closer look at what was involved:
1. Implementing 5 key technical controls
We had to demonstrate that we have strong defences in place across five critical areas:
- Firewalls: We use advanced firewalls to keep out unauthorised access.
- Secure configuration: Our systems are set up to minimise vulnerabilities.
- User access control: Only the right people have access to the right information.
- Malware protection: We have robust measures to detect and block malicious software.
- Patch management: We keep all our software up to date with the latest security patches.
2. Independent assessment
Unlike the basic certification, Cyber Essentials Plus requires an external, certified auditor to test our systems. This included:
- Scanning our networks for vulnerabilities.
- Testing our defences against common cyber attack techniques.
- Checking that our team follows best practices in their day-to-day work.
3. Hands-on technical verification
The auditor didn’t just take our word for it. They put our systems through their paces. This included:
- Attempting to access our systems from outside to check our defences.
- Testing how we respond to simulated threats.
- Verifying that our software and devices are properly protected and up to date.
4. Policies, procedures, and people
Technology is only part of the story. We also had to show that:
- We have clear, documented policies for managing cybersecurity.
- Our team is trained and aware of the latest threats and best practices.
- We regularly review and update our procedures to stay ahead of new risks.
5. Ongoing commitment
Certification isn’t a one-off event. We’re committed to maintaining these high standards, with regular reviews and updates to our systems and staff training.
Working with Protos Networks
We couldn’t have achieved this without the expert support of Protos Networks. Their team guided us through every step of the process, from the initial review of our systems to the final technical audit. They were superb: professional, knowledgeable, and always on hand to answer our questions. If you’re considering Cyber Essentials Plus for your own business, we can’t recommend them highly enough.
How long did it take?
The process took several weeks from start to finish. Preparation was key: we had to review every aspect of our IT setup, update software, run internal checks, and make sure every member of our team understood their role in keeping data safe. The external audit itself was thorough and detailed, but we were well-prepared thanks to the groundwork we’d already done.
What does this mean for Navigatus clients?
For our clients, this certification is more than just a logo on our website. It’s a promise:
- Your data is protected by industry-leading cybersecurity measures.
- You’re working with a partner who takes compliance and risk management seriously.
- You can focus on serving your clients, confident that we’re looking after the security side.
Why not all paraplanning firms have Cyber Essentials Plus
Achieving Cyber Essentials Plus takes time, investment, and a genuine commitment to best practice. It’s not something you can achieve overnight or by cutting corners. Many outsourced paraplanning firms haven’t taken this step yet, but we believe it’s essential, especially as cyber threats continue to evolve and regulatory expectations increase.
Our commitment to you
At Navigatus, security and trust have always been at the heart of our work. Cyber Essentials Plus is just the latest example of that commitment. We’ll continue to invest in our systems, our people, and our processes to ensure we’re always one step ahead.
If you’d like to know more about our certification or how we keep your data safe, please get in touch. We’re always happy to talk about how we work and how we can help you deliver the best possible service to your clients.
Thank you for trusting us with your paraplanning needs.
If you’re looking for a paraplanning partner who prioritises security and compliance, we’d love to hear from you. Contact the Navigatus team today to learn how we can support your business.