How do I get started with Cyber Essentials basic?
One of the main services that we provide to our clients is the certification towards Cyber Essentials basic and/or Cyber Essentials Plus. However, before we even get to this stage one of the first questions that we are always asked is: How do we get started? Or What’s involved in getting the process started?
This blog post will hopefully answer these questions and help you understand the process of getting onboarded and help you achieve this certification. Please note, however, that this process is for InfoSec Governance’s process, achieving Cyber Essentials from other Certification Bodies may vary, but should be similar overall.
We talk with the client and check to see what they are after, is it just Cyber Essentials basic (the self-assessment) and/or Cyber Essentials Plus (the audited version), we also check to see whether they would be interested in the more in-depth IASME Governance certification which encompasses Cyber Essentials.
Once we understand which route they want, we check to see if they want to do everything themselves, or whether they would like some added support to help them through the process of answering the questions and helping them understand the solutions that may need to be put in place.
For costs relating to achieving Cyber Essentials through InfoSec Governance can be found here and learning how to achieve compliance with using Intune can be found here. If you would like to know the differences between Cyber Essentials and IASME Governance we discuss that here.
Stage two involves obtaining the necessary information which is required for setting up the client on the online portal, this portal allows them to login and answer all the Cyber Essentials questions. The questions which are needed are:
- Name of company for the certificate (this should be your registered company name)
- Registered company address
- Name of person filling in the self-assessment
- Email address of person filling in the self-assessment
- Mobile number of the person filling in the self-assessment (this is to receive a password for the portal)
Once the above information is obtained, the portal will be setup and you will be sent an initial welcome email and text message with password to log into the portal.
Self-assessment completion. This stage is where the client fills in the self-assessment and answers all the questions. If the client had taken up the offering of additional support, InfoSec Governance would also be on hand to help answer any questions.
Assessment of the self-assessment, this involves InfoSec Governance reviewing your assessment and providing any guidance or information. If there are any issues you will be made aware of them and the assessment will be sent back to you for review and resolution.
Step five is the last step, once the client has completed the self-assessment there are no failures or non compliances, then you will be awarded the certificate and answering report. These will be sent to the person who filled in the self-assessment.
Cyber Essentials is an annual certification, so in around 11 months’ time you will be informed that your assessment is due for renewal.
We hope this helps answer your questions and if you have any questions regarding Cyber Essentials, please get in touch with us to discuss further.