Cyber Essentials readiness · Singapore

Get certified. Keep your contracts. Lose the dread.

Cyber Essentials readiness: S$6,000, six days of work, up to 70% co-funded for eligible SMEs. That's the whole sentence.

Readiness record · private issue

Status AUDIT-READY AS AT JUL 2026
CSA mark area · issued separately
Scheme
CYBER ESSENTIALS
Scope
S$6,000 · SIX DAYS
Consultant
NAMED ON EVERY JOB
Reviewed
JUL 2026
A readiness record, not a certificate. Certification is issued by the scheme's appointed bodies.

Prices published in full

Up to 70% co-funding for eligible SMEs

A named consultant on every job

The neighbourhood we protect

Don't lose the deal to a checkbox.

Clinic, logistics, software, online shop: sooner or later a tender, a client or an insurer asks each of them for the mark. We get Singapore's small and medium businesses audit-ready before that question costs them the work.

Hand-drawn row of Singapore shophouses labelled clinic, logistics, engineering, software, accounts and e-commerce: the kinds of small company that need cybersecurity certification, a few showing a small readiness tick by the door, with people going about their day

Nobody wakes up wanting a cybersecurity mark.

Something asked for it. Our job is to make the asking stop, quickly and without drama.

See where you stand before you talk to anyone.

One mark leads to the next. Start on the step you need.

Most clients start with Cyber Essentials because that is what the tender asked for. The work we do there carries forward: each mark reuses the last one's homework.

  1. Available now Cyber Essentials The baseline CSA mark most tenders ask for. Six days of work.
  2. Available now Data Protection Essentials The IMDA and PDPC baseline for personal data. Pairs naturally with Cyber Essentials.
  3. Available now Cyber Essentials for clinics The healthcare variant, mapped to the Health Information Act. Built for clinic hours.
  4. First cohort late 2026 Cyber Trust mark The tiered CSA mark for growing organisations. Tier 3 becomes mandatory for licensed cyber providers by end-2026.
  5. From 2027 ISO 27001 · DPTM · ISO 42001 The long game: international standards and the Data Protection Trustmark, built on everything above.

For Singapore's small & medium businesses.

Clinics, logistics, engineering, software, professional services and online retail tend to feel it first. But if any customer, tender or regulator has asked your SME to certify, you are in the right place.

We get you ready. An independent body certifies you.

We prepare companies the way any serious exam is prepared for: a syllabus of five control areas, a schedule of six days, real insight into what auditors actually check, and a named consultant who stays until it is understood.

We prepare you. An independent certification body certifies you. That's the rule, and it's a good rule.

Read the full method
Six days of work, total

Your client portal, most weeks

Nothing due from you this week. We'll nudge you when that changes.

The facts, dated.

Everything we publish carries the date we checked it. If a number on this site is ever stale, tell us and we will correct it the same week.

Cyber Essentials readiness: S$6,000, six days of work, up to 70% co-funded for eligible SMEs. That's the whole sentence.

Eligible SMEs can receive up to 70% co-funding for cybersecurity readiness through Government support schemes.

Plain answers

Do you issue the Cyber Essentials mark yourselves?

No, and nobody offering readiness services should. We prepare you until you are audit-ready; an independent, CSA-appointed certification body does the certifying. That separation is required by the scheme, and it protects you.

Which certification does my business actually need?

It depends on who is asking. Most tenders ask for the Cyber Essentials mark; a customer’s data-protection questionnaire usually points to Data Protection Essentials; larger or more digitalised organisations move up to the Cyber Trust mark, and clinics have their own healthcare path under the Health Information Act. If you are not sure, the ten-minute mock audit on this site routes you to the right one.

How long does it take to get audit-ready?

Six working days of our time for Cyber Essentials, usually spread over two to four weeks around your schedule. You will see the six days planned out before we start.

A tender is asking for the mark and the deadline is close. Can you make it?

Bring us the tender and the date, and we will tell you honestly whether it is makeable before you spend anything. The mock audit on this site takes ten minutes and shows you the gap first.

What if the auditor finds gaps after your work?

Our engagement covers you to audit-ready, and we say exactly what that means: every control evidenced, every document in place, a dry run completed. If the certification body still finds a gap in scope we prepared, we fix it with you at no extra fee.

Bring us the tender. We'll bring the plan.

A 30-minute chat with a consultant, not a salesperson. You leave with a plan on one page, whether or not you hire us.