WHAT IS CYBER ESSENTIALS?
Achieving the Cyber Essentials certification means that an organisation’s IT systems meet a certain level in the five following controls:
Boundary Firewalls and Internet Gateways – these are devices designed to prevent unauthorised access to or from private networks. Good setup of these devices is important for them to be fully effective.
Secure Configuration – ensuring that systems are configured in the most secure way for the needs of the organisation.
Access Control – ensuring only those who should have access to systems have access and at the appropriate level.
Malware Protection – ensuring that virus and malware protection is installed and is up to date.
Patch Management – ensuring that the latest supported version of applications is used and all the necessary patches supplied by the vendor have been applied.
Demonstrates to customers that your business takes cyber security seriously.
Helps to ensure your business complies with Art. 32 GDPR “Security of processing” and Data Protection Act 2018
Provides some clarity on the essential security controls your business needs to have in place.
Identifies areas within organisations where there is room for improving existing security controls.
Automatic Cyber Liability Insurance for UK domiciled organisations with less than £20m turnover who pass the assessment (terms apply).
A good start for building up to a more comprehensive information assurance management system such as the IASME Governance Standard or ISO27001.
Get the edge on your competitors – from 1st October 2014, the UK Government requires that all suppliers bidding for certain sensitive and personal information-handling contracts be certified against The Cyber Essentials Scheme.
Required for Ministry of Defence (MoD) supply chain contracts under Defence Cyber Protection Partnership (DCPP) for levels of cyber risk very low to high.
Cyber Essentials benefits
Cyber Essentials: (Assisted) Costs from £700 plus VAT **
Our assisted service starts out with an onsite review and gap analysis of your work environment in order to identify what is needed in order to prepare your organisation for the process in order to achieve Cyber Essentials certification.
We will then provide a remediation plan and documentation including Cyber Essentials compliant Information Security policies and Cyber Essentials compliant Information Security procedures.
We will also provide advice and guidance on completing the self-assessment questionnaire and will make recommendations for any measures that you need to implement to meet the appropriate requirements*.
Following submission, the questionnaire is then verified by an independent Certification Body.
Important to Note prior to applying for Cyber Essentials Certification.
* Please be aware that you may be required to take corrective/preventative measures which might include, but not limited to, purchasing, upgrading or installing security software and equipment that your business may not already have in order to comply with current best practices and standards. You may also need to improve internal procedures, practices, policies and other documentation to gain certification.
** Costs are based on a single location and network and may vary depending on the complexity of the organisation and fees from the accreditation body.
How to get the Cyber Essentials certification
You, as the client, answer a self-assessment questionnaire via the online portal account that we set up for you.
Following the submission of this questionnaire, the answers are then verified by us and if successful report and certificate issued.