Cyber Essentials

Cyber Essentials is a government backed certification that helps you demonstrate your commitment to cyber security, protecting your users data, and is managed by the NCSC. The scheme has been designed to be a simple, but yet effective, it has been designed to help protect your business against the most common cyber threats.

By achieving the certification through InfoSec Governance, we will take the stress out of the certification process. By working through the certification and its five key controls, the certification allows you to demonstrate to your customers, suppliers and wider business that you take the security of information and your business seriously.

InfoSec Governance are an approved Certification Body for the certification of Cyber Essentials, Cyber Essentials Plus, IASME Cyber Assurance and IASME Cyber Assurance Audited, we can help through each step of the process or simply audit and certify your certification request.

InfoSec Governance cannot 100% guarantee that you will achieve Cyber Essentials or IASME Cyber Assurance for your business, but if you take one of our support packages, we can work with you to identify and resolve any potential areas of weakness.

How does it work?

The scheme is based upon a set of five security controls which listed below, when correctly deployed, will provide you with a level of protection from the most common cyber security threats. These controls apply to a defined scope, which could be part or all of your company, depending upon your needs.

By ensuring that your boundary firewalls are configured to only allow authorised inbound and outbound traffic, this will help to effectively protect your business against cyber threats.
By ensuring that security controls have been agreed and put in place when installing computers and mobile/network devices, will help ensure that configurations in default settings are reduced.
By making sure that user accounts are configured with only the level of access which is needed will help reduce network wide threats. Using the principle of least privilege access should be applied to all accounts.
Making sure you have proper malware protection in place on all devices will help you protect your business against cyber threats such as ransomware, spyware and virus which may run throughout the network.
Keeping software up to date with the latest security updates is important and helps reduce the changes of devices being compromised. You should also ensure third-party software is kept up to date.

Cyber Essentials Levels

There are two levels, the basic, which is a self-assessment version which needs to be completed first. The second, is the Plus version which is is an audited version and requires that the basic version to have been completed within 3 months of the audit.

How does it work?

You will be provided access to an online self-assessment portal, where you will go through the Cyber Essentials question set and answer all the questions accordingly. Once completed, you will submit the answers and we will be notified. Once notified we will then assess your answers and if you are successful you will be awarded a certification.

Cyber Essentials and Cyber Essentials Plus are both annual reviewal certifications.

Cyber Essentials Plus

The Cyber Essentials Plus certification is a higher level, audited version of the certification, the audit ensures that your business is doing what your self-assessment said you were doing as well as physically checking your systems for vulnerabilities and various controls.

If you would like to know more information about what is involved within the Cyber Essentials Plus audit or what you need to do before the audit, you can check our Cyber Essentials Plus Guide.