
What is Cyber Essentials?

Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC).  The scheme was developed to help protect organisations against a whole range of the most common cyber attacks.

 

There are two levels of Cyber Essentials Certification:

 

Cyber Essentials:

Cyber Essentials is an online verified self-assessment that helps you assess and align your organisation’s current security posture to the Cyber Essentials baseline security standard.

 

Cyber Essentials Plus:

Cyber Essentials Plus is an expansion upon Cyber Essentials that includes an audit of the organisation’s networks and devices. An organisation must have Cyber Essentials self-assessed certification prior to applying for Cyber Essentials Plus.

 

We are a Certification Body, trained and licensed to certify for the Cyber Essentials Scheme. We also offer consulting services to help you achieve certification for both Cyber Essentials and Cyber Essentials Plus.

Why get Certified?

  • The Cyber Essentials certification process can be a good opportunity to take stock of how secure your organisation is.

  • Reassure clients that you are working to secure your organisation against cyber attacks.

  • Attract new business with the promise you have cyber security measures in place.

  • Some Government contracts require Cyber Essentials certification.

  • Obtaining the certification permits an organisation to advertise publicly that it is Cyber Essentials compliant, and the organisation is listed in the directory of certified organisations.

  • Organisations that are certified to Cyber Essentials will automatically receive £25,000 of Cyber Insurance if they certify their entire organisation, are domiciled in the UK and their annual turnover is under £20m.

  • You may be able to achieve Cyber Essentials certification with the measures you already have in place.

Cyber Essentials FAQ

How much does Cyber Essentials cost?


There are two levels of Cyber Essentials certification. The cost of Cyber Essentials (verified self-assessment) is £300 + VAT. The cost of a Cyber Essentials Plus assessment will depend on the size and complexity of your network(s).




Do Cyber Essentials certificates expire?


All new certificates issued will have a 12-month expiry date. The UK government recommends that you renew your certification at least annually. Companies are removed from the ‘certified organisations’ list if they have not been certified within the past 12 months. Any company we support through certification will be notified at least one month ahead of expiry.




What are the requirements of the Cyber Essentials scheme?


Cyber Essentials focuses on five technical control themes:

  • Firewalls
  • Secure Configuration
  • User Access Control
  • Malware Protection
  • Patch Management

The Cyber Essentials requirements document and the Cyber Essentials Plus illustrative technical specification can both be found here




How much does Cyber Essentials Plus cost?


Cyber Essentials Plus involves a technical audit of the systems that are in-scope for Cyber Essentials certification. This includes:

  • A representative set of user devices
  • All internet gateways
  • All servers with services accessible to unauthenticated internet users

The cost of a Cyber Essentials Plus assessment will depend on the size and complexity of your network(s). For an estimate or quote, please get in touch via our Contact page.




Do I need Cyber Essentials to bid for Government contracts?


Government contracts are likely to require you to be Cyber Essentials certified or to be able to demonstrate that the technical controls are in place. You are advised to first confirm with the Government department its expectations with regard to Cyber Essentials certification. Requirements and exemptions may vary between departments, so it is important that you seek clarification for each contract.




Are personal or Bring Your Own Device (BYOD) devices included in the scope of Cyber Essentials?


Any device that is used to connect to the business network or access any business applications or services is included in the scope for Cyber Essentials, for example mobile phones used to view work emails. These devices also need to meet the requirements of the scheme:

  • A secure lock / pin on the mobile device
  • Malware protection
  • Phones cannot be jailbroken / rooted
  • Updates must be applied within 14 days of release

Note: Native voice and SMS text applications are out of scope, as is multi-factor authentication usage.




Where can I find additional help and advice?


Right here! Just get in contact with us and we will be more than happy to assist you on your Cyber Essentials journey.




What are the Cyber Essentials requirements in relation to Home Workers?


The Cyber Essentials definition for Homeworking is as follows: 'Any employee contracted or legally required to work at home for any period of time at the time of the assessment, needs to be classed as working from home for Cyber Essentials'. Homeworkers can rely on either their home router or a software firewall (there is no longer a requirement to list home routers in the scope of the assessment).