CYBER ESSENTIALS
– certify your organisation against cyber attacks –
What is Cyber Essentials?
Cyber Essentials is a government-backed cyber security certification scheme that implements basic levels of protection against Internet-based threats. Under this scheme organisations can apply for a badge which recognises the achievement of government-endorsed standards of cyber security. Cyber Essentials is designed for organisations of all sizes, and in all sectors.
Why should you get Cyber Essentials?
The primary aim of the scheme is to encourage organisations to adopt best practices in their information security strategy, offering a mechanism to demonstrate that they have taken essential precautions to secure against the majority of cyber risks.
Having a Cyber Essentials Certification will:
- Protect your organisation against common cyber threats
- Show your customers you take this issue seriously and make every effort to protect data
- Enable you to bid for Government contracts
- Help you gain a wide perspective of your organisation’s security defences
- Help you to address other compliance requirements such as the EU General Data Protection Regulation
- Reduce insurance premiums as a CE certification provides a valuable signal of reduced risk for insurers
Cyber Essentials assurance framework
Cyber Essentials includes an assurance framework and identifies some fundamental technical security controls that an organisation needs to have in place within their IT systems to protect information from threats coming from the internet.
The scheme focuses on the following five essential technical controls:
Certification options
There are two levels of Cyber Essentials certification available:
CYBER ESSENTIALS – An independently verified self assessment
Organisations assess themselves against five basic security controls by filling in a questionnaire. The information provided is verified by us and, if there is sufficient confidence that the controls have been effectively implemented, a certificate is awarded. Certification at this stage provides a basic level of confidence that the controls have been implemented correctly, and relies on the organisation having the skills to respond appropriately to the questionnaire.
CYBER ESSENTIALS PLUS – A higher level of assurance
A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking attacks. The Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification, and also includes an additional internal scan and some on-site checks and vulnerability assessments. We carry out tests of the systems using a range of tools and techniques and if the tests are successful, award the Cyber Essentials Plus certificate.
* To complete Cyber Essentials Plus, companies must have gained the basic Cyber Essentials certification within the last 90 days, or you can get both at the same time.
How you can get certified
SELF-SUPPORTED – Any organisation that has knowledge of the five security controls and is comfortable carrying out all of the preparation for certification can complete the self assessment questionnaire.
WITH EXPERT GUIDANCE AND SUPPORT – For organisations that have difficulty in defining their scope and have little or no knowledge of the five controls or have complex organisational structures, we can provide up to 0.5 days consultancy for Cyber Essentials Basic and 2 days expert consultancy for Cyber Essentials Plus to help you achieve the standard. We will identify the key areas to address and help you complete the questionnaire.
The process of getting certified
STEP 1 – Organisation identifies the systems it believes are at risk of external compromise, defining the scope of Cyber Essentials
STEP 2 – Organisation self assesses that the systems identified meet the requirements
STEP 3 – Organisation fills in the self-assessment questionnaire, which is signed by the CEO
STEP 4 – The assessment is independently verified by us
STEP 5 – If you pass, the Cyber Essentials Certificate is issued
STEP 6 – Tests of the systems are carried out on site by us using a range of tools and techniques
STEP 7 – If you pass, the Cyber Essentials Plus Certificate is issued
Cyber Essentials
SELF-SUPPORTED* – The basic level of Cyber Essentials certification
- Fully online service, delivered remotely
- Self assessment questionnaire about your current cyber controls, completed on-line
- Feedback on areas of non-compliance
- Your answers are reviewed and validated by our qualified Cyber Essentials assessor
- If you meet all criteria, you get your report, certificate and badges
- *depends on the size of the organization
Cyber Essentials Plus
SELF-SUPPORTED – The highest level of Cyber Essentials certification
- Recommended if your employees work from remote locations or third parties have access to your premises.
- You must hold a basic certification that was achieved no longer than three months prior to the CE Plus assessment
- We carry out an assessment to check whether your organisation complies with the control requirements.
- We perform an external and internal vulnerability scan of your networks
- If you meet all criteria, you get your report, certificate and badges
Cyber Essentials & Cyber Essentials Plus Combined
SELF-SUPPORTED – Suitable for organisations that want both Cyber Essentials and Cyber Essentials Plus certification
- Self-assessment questionnaire about your current cyber controls, completed on-line and then reviewed and validated by our assessor
- We carry out an assessment to check your organisation’s compliance with the control requirements
- We perform an external and internal vulnerability scan of your networks, and we will need to hold an MS Teams meeting to run the email and browser tests
- If you meet all criteria, you get your report, certificate and badges
Cyber Essentials
WITH EXPERT GUIDANCE & SUPPORT – The basic level of Cyber Essentials certification
- We have an initial call to discuss your requirements
- We provide the self assessment questionnaire about your current cyber controls
- We review your answers and suggest any required changes
- You submit your questionnaire online
- Your answers are validated by our qualified Cyber Essentials assessor
- If you meet all criteria, you get your report, certificate and badges
Cyber Essentials Plus
WITH EXPERT GUIDANCE & SUPPORT – The highest level of Cyber Essentials certification
- Recommended if your employees work from remote locations or third parties have access to your premises.
- You must hold a basic certification that was achieved no longer than three months prior to the CE Plus assessment.
- We carry out a remote pre-audit to check whether your organisation complies with the control requirements
- We produce a report and you address the issues, with our help if necessary
- We revisit and carry out the technical audit
- If you meet all criteria, you get your report, certificate and badges
Cyber Essentials & Cyber Essentials Plus Combined
WITH EXPERT GUIDANCE & SUPPORT – Suitable for organisations that want both Cyber Essentials and Cyber Essentials Plus certification
- We have an initial call before providing you with the self-assessment questionnaire about your current cyber controls
- After you complete the questionnaire, we review your answers and suggest any required changes
- We carry out a remote pre-audit, checking your organisation’s compliance with the control requirements. You address any issues with our help if necessary
- We undertake another remote audit and if the issues have been resolved we will issue you with the pass certificate
In addition to the Cyber Essentials certification route, organisations can obtain certification to the IASME Standard, which includes aspects of basic information security governance and also the GDPR assessment elements.
We are a Cyber Essentials Certification Body
We provide all the tools and resources needed to achieve accredited certification at both levels of the Cyber Essentials scheme.