Cyber Essentials Plus

oklido is certified under the Cyber Essentials Plus scheme, the UK government-backed cybersecurity certification.

What is Cyber Essentials Plus?

Cyber Essentials Plus is a certification that demonstrates an organisation has:

  • Implemented essential cybersecurity controls
  • Been independently assessed by a certified assessor
  • Passed technical vulnerability testing

It's the enhanced level of Cyber Essentials, including hands-on technical verification.

Our Certification

Detail | Information
Certification Level | Cyber Essentials Plus
Certifying Body | IASME Consortium
Last Certified | 2025
Certificate Number | Available on request

The Five Technical Controls

Cyber Essentials Plus requires organisations to implement five technical security controls:

1. Firewalls

Requirement: Boundary firewalls to protect internal networks.

How oklido complies:

  • AWS Security Groups and NACLs
  • Web Application Firewall (WAF)
  • No direct internet access to internal systems
  • Strict ingress/egress rules

2. Secure Configuration

Requirement: Secure default configurations, remove unnecessary functionality.

How oklido complies:

  • Hardened container images
  • Minimal software installations
  • Default passwords changed/disabled
  • Unnecessary services removed
  • Regular configuration audits

3. User Access Control

Requirement: Control access to data and services.

How oklido complies:

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Unique user accounts
  • Strong password policies
  • MFA available and encouraged
  • Regular access reviews

4. Malware Protection

Requirement: Protect against malware.

How oklido complies:

  • No user-installed software on servers
  • Container-based isolation
  • Automated vulnerability scanning
  • Dependency security checks
  • Email attachment scanning
  • Upload file validation

5. Patch Management

Requirement: Keep software up to date.

How oklido complies:

  • Automated dependency updates
  • Container base image updates
  • Critical patches within 14 days
  • High severity patches within 30 days
  • Patch tracking and documentation

Independent Assessment

Cyber Essentials Plus certification includes:

  1. Self-assessment questionnaire - Documented controls
  2. External vulnerability scan - Internet-facing systems tested
  3. Internal scan - Internal systems verified
  4. On-site testing - Hands-on verification by assessor

We pass all assessments annually.

Benefits for Customers

oklido's Cyber Essentials Plus certification means:

  • Verified security controls - Independently tested
  • Government standard - Recognised by UK government
  • Insurance compliance - Often required for cyber insurance
  • Supply chain assurance - Confidence in our security posture

Certificate Verification

To verify our Cyber Essentials Plus certificate:

  1. Visit iasme.co.uk/verify
  2. Search for "oklido"
  3. View our certification status

Or contact compliance@oklido.com for a copy of our certificate.

Beyond Cyber Essentials

oklido goes beyond Cyber Essentials Plus requirements:

  • Encryption at rest - All data encrypted (not required by CE+)
  • Security monitoring - 24/7 automated monitoring
  • Penetration testing - Annual third-party testing
  • Security training - Regular staff training
  • Incident response - Documented procedures

Questions

For questions about our Cyber Essentials Plus certification: