How do I get cyber essentials certification?

One of the main services that we provide to our clients is the cyber essentials certification by taking the Cyber Essentials basic and/or Cyber Essentials Plus assessment. However, before we even get to this stage one of the first questions that we are always asked is: How do we get started? Or What’s involved in getting the process started?

This blog post will hopefully answer these questions and help you understand the process of getting on-boarded and help you achieve this cyber essentials certification.  Please note, however, that this process is for InfoSec Governance’s process, achieving Cyber Essentials from other Certification Bodies may vary, but should be similar overall.

Step one

We talk with the client and check to see what they are after, is it just Cyber Essentials basic (the self-assessment) and/or Cyber Essentials Plus (the audited version), we also check to see whether they would be interested in the more in-depth IASME Governance certification which encompasses Cyber Essentials.

Once we understand which route they want, we check to see if they want to do everything themselves, or whether they would like some added support to help them through the process of answering the questions and helping them understand the solutions that may need to be put in place.

For costs relating to achieving cyber essentials certification through InfoSec Governance and learning how to achieve compliance with using Intune. If you would like to know the differences between Cyber Essentials and IASME Governance we discuss that here.

Step two

Stage two involves obtaining the necessary information which is required for setting up the client on the online portal, this portal allows them to log in and answer all the Cyber Essentials questions. The questions which are needed are:

  • Name of the company for the certificate (this should be your registered company name)
  • Registered company address
  • Name of person filling in the self-assessment
  • Email address of person filling in the self-assessment
  • Mobile number of the person filling in the self-assessment (this is to receive a password for the portal)

Once the above information is obtained, the portal will be set up and you will be sent an initial welcome email and text message with a password to log into the portal.

Step three

Self-assessment completion.  This stage is where the client fills in the self-assessment and answers all the questions. If the client had taken up the offering of additional support, InfoSec Governance would also be on hand to help answer any questions.

Step Four

Assessment of the self-assessment, involves InfoSec Governance reviewing your assessment and providing any guidance or information.  If there are any issues you will be made aware of them and the assessment will be sent back to you for review and resolution.

Step five

Step five is the last step, once the client has completed the self-assessment there are no failures or non-compliances, then you will be awarded the certificate and answering report.  These will be sent to the person who filled in the self-assessment.

And repeat

Cyber Essentials Certification is an annual certification, so in around 11 months’ time, you will be informed that your assessment is due for renewal.

We hope this helps answer your questions and if you have any questions regarding Cyber Essentials, please get in touch with us to discuss further.