Cyber Essentials Plus
Do I need Cyber Essentials Plus?
In order to achieve Cyber Essentials Plus, you must have already obtained the self assessed Cyber Essentials certification which InfoSec Governance can help you with if you have not yet achieved this. Obtaining the plus certification and implementing the required controls could shield your business from up to 80% of the common threats from the internet.
Adopting Cyber Essentials is likely to become a major requirement to win business in many sectors in the future – and to demonstrate this, from 1 October 2014, the government has required suppliers bidding for certain information-handling contracts to be Cyber Essentials certified.
The certification is backed by the industry, as well as the business support and lobbying organisation the Federation of Small Businesses. A number of insurance companies are also starting to offer incentives for organisations that conform to the scheme.
A company can gain “Cyber Essentials” or “Cyber Essentials Plus” badges which allow a company to advertise the fact that it adheres to a government endorsed standard.
InfoSec Governance provide Certification for Cyber Essentials (Level 1) as well as Cyber Essentials Plus (Level 2).
Cyber Essentials Plus consists of five baseline controls that businesses should have in place to reduce the risk of data breaches from internet-based attacks, these being:
- Boundary Firewalls
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
Achieving Cyber Essentials Plus
As part of the Cyber Essentials Plus assessment, the company will be required to pass an external and on-site vulnerability assessment performed by staff from InfoSec Governance. These staff are fully trained to a minimum TigerScheme QSTM status and each hold a minimum of SC Level Clearance.