What is Cyber Essentials?
Cyber Essentials is a UK government scheme supported by the NCSC (National Cyber Security Centre) that sets out five basic security controls to protect organisations against around 80% of common cyber-attacks.
The scheme’s certification process is managed by the IASME Consortium which licences Certification Bodies (CBs) to carry out Cyber Essentials and Cyber Essentials Plus Certifications.
Cyber Essentials is designed to help organisations of any size demonstrate their commitment to cyber security – all while keeping the approach simple, and the costs low.
Get Cyber Essentials certified with IT Governance
Our simple five-step methodology:
Define the scope
Certification can apply to an organisation’s full enterprise IT or just to a subset. Either way, the scope needs to be clearly defined before the certification process can get underway.
The next step is to complete the required SAQ. We review the completed SAQ before submission to check it meets the scheme's requirements. Successful applications are issued a Cyber Essentials certificate.
Organisations seeking certification to Cyber Essentials Plus will be required to go through a technical audit, which includes a series of internal vulnerability scans and tests of the in-scope system(s), and the SAQ.
An external vulnerability scan of your Internet-facing networks and applications is used to verify that there are no obvious vulnerabilities. As the tests are external, they are performed off-site.
Once the on-site assessment, internal vulnerability scan and external vulnerability scan have been successfully completed and approved, you will be issued with your Cyber Essentials Plus certificate.