Secure your business with government-backed auditing
Cyber Essentials sets out the standard baseline for cyber security and offers protection from IT security breaches. Developed and backed by the UK Government in response to a growing cyber threat, certification is a mandatory requirement for all Government supply chains and a growing number of commercial tenders. It's awarded to organisations that demonstrate, through the completion of an online self-assessment questionnaire, that they have effective cyber security measures in place.
The accreditation can be extended to Cyber Essentials Plus, which involves a physical assessment of your estate and will give extra reassurance to your customers and suppliers that you are committed to protecting your business data and theirs.
Cyber Essentials has two levels of accreditation
Cyber Essentials is a UK Government-backed scheme to aid the creation of a secure IT infrastructure. It has been designed to help UK businesses, particularly SMEs with limited experience of cyber security, improve their defences and publicly demonstrate their commitment to cyber security.
For some (e.g. Public Sector organisations), Cyber Essentials is a required data protection directive, but for others it demonstrates to your customers your commitment to five basic security controls, proving that you take their security seriously. The controls are:
- Secure your Internet connection
- Secure your devices and software
- Control access to your data and services
- Protect from viruses and other malware
- Keep your devices and software up to date
If you'd like help and guidance to get your business Cyber Essentials certified, get in touch.
Cyber Essentials Plus
Cyber Essentials Plus (CEP) is an extension of the Cyber Essentials (CE) Verified Assessment that includes an audit of the organisation's IT systems. A business must have CE verified self-assessed certification to apply for CEP.
CEP involves an audit of your system by a trained assessor. The aim of the assessment is to confirm that all controls that have been declared in CE are implemented on the organisation's network. Here are some of the key elements of CEP:
- An assessor will pick a sample of computers and perform an audit to ensure that the devices are configured as per the scheme requirements
- A vulnerability scan will be performed on these machines to confirm patching and basic configuration are at an acceptable level
- An external port scan of your internet facing IP addresses will be conducted to ensure no clear and obvious misconfigurations or vulnerabilities can be identified
- A test will be conducted on your default email/internet browser to confirm how well configured they are to prevent execution of fake malicious files
- Screenshots will be taken as evidence that the system is Cyber Essentials compliant
Should any issues be identified that require remediation, the organisation will have 30 days to remedy the issues. On successful certification of your business, you will be provided with a certificate and you can be added to a list of Cyber Essentials certified companies, giving reassurance to your suppliers and customers.
If you would like our help to become Cyber Essentials certified, please get in touch.