Cyber Essentials Plus
In order to achieve the Cyber Essentials Plus certification, you must have already obtained the self assessed certification within the last three months, which, if not already achieved, can help you with if you have not yet achieved this. Obtaining the plus certification and implementing the required controls could shield your business from up to 80% of the common threats from the internet.
Adopting the Cyber Essentials scheme is likely to become a major requirement to win business in many sectors in the future – and to demonstrate this, from 1 October 2014, the government has required suppliers bidding for certain information-handling contracts to be Cyber Essentials certified.
The certification is backed by the industry, as well as the business support and lobbying organisation the Federation of Small Businesses. A number of insurance companies are also starting to offer incentives for organisations that conform to the scheme.
A company can gain certification badges which allow a company to advertise the fact that it adheres to a government endorsed standard.
The certification consists of five baseline controls that businesses should have in place to reduce the risk of data breaches from internet-based attacks, these being:
- Boundary Firewalls
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
Achieving Cyber Essentials Plus
As part of the assessment, the company will be required to pass an external and on-site vulnerability assessment performed by staff from InfoSec Governance. These staff are fully trained to a minimum TigerScheme QSTM status and each hold a minimum of SC Level Clearance.