Cyber Essentials

Cyber Essentials is a government backed certification that helps you demonstrate your commitment to cyber security and protecting your users data which is managed by the NCSC. Cyber Essentials has been designed to be a simple, but yet effective certification which will help protect your business against the most common cyber threats.

By achieving Cyber Essentials through InfoSec Governance, we take the stress out of the certification process. By working through the certification and its 5 key controls, the certification allows you to demonstrate to your customers, suppliers and wider business that you take the security of information and your business seriously.

InfoSec Governance are an approved Certification Body for the certification of Cyber Essentials, Cyber Essentials Plus, IASME Governance and IASME Audited, we can help through through each step of the process or simply audit and certify your certification request.

InfoSec Governance cannot 100% guarantee that you will achieve Cyber Essentials or IASME Governance for your business, however we will work with you where appropriate and identify any areas of weakness. Through our additional support packages we can help you identify your gaps and help you put in place the missing pieces.

How does it work?

The Cyber Essentials scheme is based upon a set of five security controls which listed below, when correctly deployed, will provide you with a level of protection from the most common cyber security threats. These controls apply to a defined scope, which could be part or all of your company, depending upon your needs.

Firewalls

By ensuring that your boundary firewalls are configured to only allow authorised inbound and outbound traffic, this will help to effectively protect your business against cyber threats.

Secure Configuration

By ensuring that security controls have been agreed and put in place when installing computers and mobile/network devices, will help ensure that configurations in default settings are reduced.

Access Control

By making sure that user accounts are configured with only the level of access which is needed will help reduce network wide threats. Using the principle of least priviledge access should be applied to all accounts.

Malware Protection

Making sure you have proper malware protection in place on all devices will help you protect your business against cyber threats such as ransomware, spyware and virus which may run throughout the network.

Patch Management

Keeping software up to date with the latest security updates is important and helps reduce the changes of devices being compromised. You should also ensure third-party software is kept up to date.

Cyber Essentials Levels

There are two levels, the basic, which is a self-assessment version which needs to be completed first. The second, is the Plus version which is is an onsite audited version and requires that the basic version has been completed within 3 months assessment.

Cyber Essentials Basic

A basic self-assessment of your business detailing your security stance against five controls.

Cyber Essentials Plus

A higher level, onsite audit of your business checking you against your self-assessment and environment.

More Information

Why do I need Cyber Essentials?

By implementing the five defined controls throughout your business you can help to protect your business against 80% of the most common cyber-based threats.

As part of the certification you will be entitled to free cyber liability insurance as well as showing insurance companies that you protecting infromation against best practice.

The scheme is mandated by the UK government, achieving the certificate will help you win tenders and win new business, butting you one step ahaead of your rivals.

The certificate will help show your commitment to the protection of data to your suppliers and customers.

Frequently Asked Questions

The cost of Cyber Essentials is £300 + VAT, this is for the basic self-assessment version, where you fill in all the questions yourself and is then assessed by one of the InfoSec Governance auditors. We do have several options which are slightly more expensive if you require some help in filling out the self-assessment, this can be found on our Cyber Essentials Page.

Once InfoSec Governance have all the information from yourselves, we will setup the online portal within a few hours of receiving your information at most. The time to complete the self-assessment will depend upon several factors, such as do you have all the information to hand, are all the controls in place etc. However if you can allocate an hour, you should be completed in this time.

Yes you can, you can download the question set from here. Please note that the questions, or the format of may change from time to time.

Cyber Essentials Basic, is the first stage of two and is a self-assessment certification which is assessed by one of InfoSec Governance’s auditors, the auditor will mark the self-assessment and issue a certficiate (if successful) based upon the information within the assessment.

Cyber Essentials Plus is an onsite audited certification, where a InfoSec Governance auditor will attend your site and verify your answers to the first stage of the certifiation. Additionally, a vulnerability scan will be performed across your business and several tests performed to test your email and endpoiint security controls.