Cyber Essentials is a UK government-backed scheme run by the National Cyber Security Centre (NCSC) and IASME Governance. The scheme has two levels: a basic self-assessment version and a more in-depth audited version, which is achievable once you have certified to Cyber Essentials Basic.
The scheme has been designed to help businesses achieve basic cyber protection against the most common cyber threats. This is done by ensuring you have five core controls in place within the business. These are:
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
Cyber Essentials helps protect businesses by ensuring that the above controls are in place, that patches are applied within 14 days and that no unsupported Operating Systems are used. For example, if you still have Windows 7 and/or Windows Server 2008 R2, you will fail the certification as these are no longer supported by Microsoft.
Why do I need it?
This question comes up a lot: why should you obtain this certification? Is it needed? Is there a demand for it? The simple answer is yes on both counts. Achieving Cyber Essentials helps you to understand your business more, and ensures that you are monitoring your systems and running supported software. Not only this, but it is known that implementing the above five controls can protect you against 80% of cyber-related attacks.
If you deal with the UK government, this certificate is mandated for any tender work. Local authorities are also starting to make Cyber Essentials a minimum requirement.
Additionally, having Cyber Essentials can also help reassure your supply chain and customer base, as it shows that you are actively putting controls in place to protect their information.
If you are bidding for work, having this certification can be an advantage: you may win the work because other bidders may not have it.
How much is it?
The self-assessment for Cyber Essentials Basic will cost you £300 + VAT. This doesn’t include any additional help or support that you may need. InfoSec Governance has several product offerings to help you through the process if needed. Visit our Cyber Essentials Basic page.
How do I start?
Starting the certification process is simple: contact us with your need for certification. We’ll then require a few pieces of information from you to get you set up on our online portal. Once you have been set up, you fill in the self-assessment questionnaire and, when done, submit your answers. One of InfoSec Governance’s auditors will then audit your answers and, all being well, will certify your business.
Do I have to renew?
Yes, both the Basic and Plus certifications need to be renewed annually. When you receive your certificate you will see a renewal date. When renewal comes up, you will have to fully complete the entire process that you performed the previous year. This is because a year is a long time in the IT world: any number of new threats may be present, and software and Operating Systems may have become unsupported.