ITHealth is pleased to confirm the successful renewal of our Cyber Essentials Plus certification – this time under the newly introduced and significantly enhanced ‘Willow’ question set, which came into effect in April 2025.

Having previously certified under the Evendine and Montpellier regimes, we welcome the latest evolution of Cyber Essentials. The Willow update reflects the realities of modern IT environments – incorporating hybrid working models, increasing use of cloud services, and more complex device estates. It also introduces a notably more rigorous assessment process, with tighter audit timeframes, stricter scope validation, and mandated device sampling. These changes not only strengthen the integrity of the scheme but also ensure a more accurate reflection of an organisation’s true cyber posture.

“Cyber Essentials Plus has always been a solid foundation, but the Willow regime brings a new level of depth and scrutiny to the assessment,” said Craig Smith, Head of Cyber Services at ITHealth. “It genuinely tests whether an organisation is operating with effective cyber hygiene. We fully support this shift, especially given the increasing cyber threat to healthcare providers.”

At a time when NHS and healthcare organisations remain prime targets for cyber criminals, we see this not just as a compliance milestone, but as an opportunity to reaffirm our commitment to the highest standards of cyber security. By aligning with the latest National Cyber Security Centre (NCSC) guidance, we aim to provide our customers and partners with the assurance that protecting sensitive data and systems remains at the heart of what we do.

The Willow regime sets a new, more demanding benchmark for UK organisations – and we believe that’s a positive step forward for the healthcare sector and beyond.