We’re excited to announce that Admin By Request has completed the Cyber Essentials Plus certification audit for the first time. This UK government-backed certification involves rigorous independent testing of our systems and vulnerability scanning across our entire infrastructure.
Unlike many security certifications that rely on self-assessment, Cyber Essentials Plus brings in external experts who scan your systems, test your controls, and look for problems. Finding even one critical vulnerability means failure.
How the Audit Works
The audit process took months and involved our entire team. Assessors examined every part of our infrastructure:
- All internet-facing servers and devices
- Firewall configurations and network security
- Patch management processes across all systems
- User access controls and privilege management
- Malware protection and threat detection
They ran vulnerability scans, tested our firewalls, checked if we keep systems patched, and verified that our access controls work properly.
Organizations with Cyber Essentials controls in place make 92% fewer insurance claims than those without the certification. The framework maps to other security standards like ISO 27001, but focuses specifically on technical controls rather than governance and policy documentation.
Why Vendor Security Matters More Than Ever
Vendor security has become a standard part of enterprise procurement. Companies now send detailed security questionnaires to potential suppliers, and many contracts include specific certification requirements. Insurance providers also evaluate vendor security practices when setting premiums.
When major vendors get compromised, the impact spreads quickly to their customers. The 2020 SolarWinds attack saw hackers inject malicious code into software updates, affecting over 18,000 customers including government agencies and Fortune 500 companies. Organizations had no way to detect the compromise because they trusted their vendor’s digitally signed updates.
This certification matters because it validates our security practices through independent testing rather than vendor claims. When you’re evaluating privilege management solutions that control admin access across thousands of endpoints, knowing your vendor has passed rigorous security audits provides additional confidence in their ability to protect your infrastructure.
What This Means Going Forward
Cyber Essentials Plus certification expires annually, which means we’ll go through this audit process every year. That creates ongoing accountability for our security practices rather than one-time assessment.
For customers using our Zero Trust Platform, this certification provides third-party validation of our security practices. When you’re asked about vendor security in your own audits or compliance reviews, you have concrete evidence of our security standards. We’re proud of this achievement and the teamwork it took across our entire organization.
Want to learn more about how our security-first approach can help your organization? Book a demo with our team, or download the Free Plan to test our solutions on up to 25 endpoints.
