What is Cyber Essentials?
Cyber Essentials, a UK government information assurance scheme overseen by the National Cyber Security Centre (NCSC), empowers organisations to defend against cyber threats. The scheme comprises a set of technical controls that enhance their cyber security posture.
There are two levels of Cyber Essentials Certification:
- Cyber Essentials: An online verified self-assessment to evaluate and align your organisation's current security status with the Cyber Essentials baseline standard.
- Cyber Essentials Plus: An extension of Cyber Essentials, which includes an audit of the organisation's networks and devices. To apply for Cyber Essentials Plus, an organisation must have Cyber Essentials self-assessed certification.
As a licensed Certification Body for the Cyber Essentials Scheme, we offer consulting services to guide you through achieving both Cyber Essentials and Cyber Essentials Plus certifications. Our expertise is dedicated to helping you enhance your cyber resilience and safeguard against potential threats.
What are the benefits of Cyber Essentials certification?
- Improved protection against cyber attacks: By implementing the Cyber Essentials controls, organisations can reduce their risk of being successfully attacked by up to 80%.
- Enhanced credibility and reputation: Achieving Cyber Essentials certification demonstrates to customers, suppliers, and other stakeholders that an organisation takes its cyber security seriously.
- Improved compliance: Many organisations are required to meet certain cyber security standards, such as those set out in the Payment Card Industry Data Security Standard (PCI DSS). Implementing the Cyber Essentials controls can help organisations meet these requirements.
- Reduced insurance premiums: Some insurance companies offer discounts to organisations that are certified under the Cyber Essentials scheme.
- Easier access to public sector contracts: Many public sector organisations require their suppliers to be certified under the Cyber Essentials scheme. Achieving certification can make it easier for organisations to bid for these contracts.
- Improved staff awareness: Implementing the Cyber Essentials controls can help raise staff awareness of cyber security issues and encourage good cyber security practices.
- Simplified compliance: The Cyber Essentials scheme provides a clear set of technical controls that organisations can implement to improve their cyber security posture. This can make it easier for organisations to understand their cyber security obligations and meet them.
- Cost-effective: Implementing the Cyber Essentials controls can be a cost-effective way for organisations to improve their cyber security posture.
- Access to technical support: Organisations that are certified under the Cyber Essentials scheme can access technical support from the NCSC to help them maintain their cyber security posture.
- Ongoing improvement: The Cyber Essentials scheme encourages organisations to continuously review and improve their cyber security posture, helping to ensure that they are always well protected against cyber threats.
Why should my organisation consider getting certified under the Cyber Essentials scheme?
Obtaining Cyber Essentials certification showcases your organisation's commitment to cybersecurity, signalling to customers, suppliers, and stakeholders that you take data protection seriously. Additionally, this certification opens doors to public sector contracts, lowers insurance premiums and aids in meeting compliance obligations.
How much does Cyber Essentials cost?
There are two levels of Cyber Essentials certification. The cost of Cyber Essentials (verified self-assessment) depends on the size of the organisation. Pricing is below:
- 0-9 Employees (Micro): £320 Excl. VAT
- 10-49 Employees (Small): £440 Excl. VAT
- 50-249 Employees (Medium): £500 Excl. VAT
- 250+ Employees (Large): £600 Excl. VAT
The cost of a Cyber Essentials Plus assessment will depend on both the size and complexity of your network(s) and organisational devices.
How much does Cyber Essentials Plus cost?
Cyber Essentials Plus entails a comprehensive technical audit of the systems falling under Cyber Essentials certification, encompassing a representative set of user devices, all internet gateways, and servers with services accessible to unauthenticated internet users. The assessment's cost is contingent on your network(s)' size and complexity. To obtain an estimate or quote, kindly reach out to us through our Contact page.
What are the requirements of the Cyber Essentials scheme?
Cyber Essentials centers around five key technical control themes to ensure robust cybersecurity:
- Firewalls
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
To access the Cyber Essentials requirements document and the Cyber Essentials Plus illustrative technical specification (for Cyber Essentials Plus), you can find them both at this location: here
Do Cyber Essentials certificates expire?
Every new certificate issued will be valid for 12 months. As recommended by the UK government, it is advisable to renew your certification annually. To maintain your status as a certified organisation, your most recent certification must have been completed within the past 12 months. Rest assured, any company we assist in the certification process will receive a notification at least one month before their certificate's expiry date, ensuring timely renewal.
Do I need Cyber Essentials to bid for Government contracts?
For Government contracts, Cyber Essentials certification or evidence of implemented technical controls is often a prerequisite. We strongly recommend confirming the specific expectations of each Government department regarding Cyber Essentials certification before pursuing any contracts. Requirements and exemptions can differ between departments, making it crucial to seek clarification for each contract individually.
Are personal or Bring Your Own Device (BYOD) included in the scope of Cyber Essentials?
Every device utilised to connect to the business network or access any business applications or services falls within the scope for Cyber Essentials. For instance, if you use mobile phones to view work emails, these devices must also adhere to the scheme's requirements, including having a secure lock/pin, malware protection, being non-jailbroken/non-rooted, and promptly applying updates within 14 days of release.
Where can I find additional help and advice?
Right here! Just get in Contact with us and we will be more than happy to assist you on your Cyber Essentials journey.