What is Cyber Essentials?
Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC). The scheme was developed to help protect organisations against a whole range of the most common cyber attacks.
There are two levels of Cyber Essentials Certification:
Cyber Essentials:
Cyber Essentials is an online verified self-assessment that helps you assess and align your organisation’s current secure posture to the Cyber Essentials baseline security standard.
Cyber Essentials Plus:
Cyber Essentials Plus is an expansion upon Cyber Essentials that includes an audit of the organisations networks and devices. An organisation must have Cyber Essentials self-assessed certification prior to applying for Cyber Essentials Plus.
We are a Certification Body, trained and licensed to certify for the Cyber Essentials Scheme. We also offer consulting services to help you achieve certification for both Cyber Essentials and Cyber Essentials Plus.
Why get Certified?
-
Cyber Essentials certification can be a good opportunity to take stock of how secure your organisation is.
-
Reassure clients that you are working to secure your organisation against cyber attacks.
-
Attract new business with the promise you have cyber security measures in place.
-
Some Government contracts require Cyber Essentials certification.
-
You may already be able to achieve Cyber Essentials certification with the measures you already have in place.
-
Obtaining the certification permits an organisation to advertise publicly that their organisation is Cyber Essentials compliant (and is listed in the directory of certified organisations).
-
Organisations that are certified to Cyber Essentials will automatically receive £25,000 of Cyber Insurance if they certify their entire organisation, are domiciled in the UK and their annual turnover is under £20m.
Cyber Essentials FAQ
How much does Cyber Essentials cost?
Do Cyber Essentials certificates expire?
All new certificates issued will have a 12-month expiry date.
What are the requirements of the Cyber Essentials scheme?
Cyber Essentials focuses on five technical control themes:
-
Firewalls -
Secure Configuration -
User Access Control -
Malware Protection -
Patch Management
How much does Cyber Essentials Plus cost?
Cyber Essentials Plus involves a technical audit of the systems that are in-scope for Cyber Essentials certification. This includes:
-
A representative set of user devices -
All internet gateways -
All servers with services accessible to unauthenticated internet users.
Do I need Cyber Essentials to bid for Government contracts?
Government contracts are likely to require you to be Cyber Essentials certified or to be able to demonstrate that the technical controls are in place. It is advised you firstly confirm with the Government department their expectations with regards to Cyber Essentials certification.
Are personal or Bring Your Own Device (BYOD) included in the scope of Cyber Essentials?
Any device that is used to connect to the business network or access any business applications or services is included in the scope for Cyber Essentials. For example, if you use mobile phones to view work emails. These devices also need to meet the requirements of the scheme:
-
A secure lock / pin on the mobile device -
Malware protection -
Phones cannot be jailbroken / rooted -
Updates must be applied within 14 days of release
Where can I find additional help and advice?
Right here! Just get in Contact with us and we will be more than happy to assist you on your Cyber Essentials journey.