Short answer
Fig is accredited at Level 0 and Level 1. For L2 and L3 engagements we refer suppliers to IASME-licensed certification bodies licensed for those higher levels - verifiable on the IASME directory at iasme.co.uk. We are honest about this rather than trying to take engagements we are not accredited to deliver.
Why this matters
This question affects how buyers compare Cyber Essentials with broader assurance schemes. Cyber Essentials is a baseline technical certification, so the useful answer is not only what the scheme is called, but what it proves, who administers it, and when a buyer should ask for Cyber Essentials Plus or a wider framework such as ISO 27001.
For procurement teams, the practical test is whether the certificate covers the organisation and scope named in the contract. For applicants, the practical test is whether the five technical controls are implemented across the devices, users, networks, and cloud services that access organisational data.
What to check next
- Confirm the certificate holder and scope match the buyer requirement.
- Check whether the contract asks for Cyber Essentials or Cyber Essentials Plus.
- Use the NCSC register to verify a certificate before relying on it.
Official sources and related Fig guidance
For scheme-level confirmation, use the official NCSC and IASME resources rather than relying on a supplier claim alone. Fig Group links to these sources because Cyber Essentials buyers should be able to verify the scheme, the administrator, and the certificate record independently.