What is Cyber Essentials?
Cyber Essentials is a UK government scheme supported by the NCSC (National Cyber Security Centre) that sets out five basic security controls to protect organisations against around 80% of common cyber-attacks.
The scheme’s certification process is managed by the IASME Consortium, which licenses Certification Bodies (CBs) to carry out Cyber Essentials and Cyber Essentials Plus Certifications.
Cyber Essentials is designed to help organisations of any size demonstrate their commitment to cyber security – all while keeping the approach simple, and the costs low.
Why do I need Cyber Essentials?
Prevent around 80% of cyber attacks
Correctly implementing five basic security controls will protect your organisation against the most common cyber threats.
Demonstrate supply chain security
Achieving Cyber Essentials certification will help you demonstrate your commitment to data protection and cyber security.
Win new business
Cyber Essentials certification will help boost your reputation and give you a better chance of winning new business.
Drive business efficiency
You can focus on your core business objectives while knowing that you are protected from the most common cyber attacks.
Reduce cyber insurance premiums
Cyber insurance agencies look more favourably on organisations that have achieved Cyber Essentials certification.
Work with the UK government & MoD
Cyber Essentials will permit you to work with the UK government and Cyber Essentials Plus will allow you to work with the MoD.
The five key security controls covered by Cyber Essentials
Firewalls need to be properly set up to prevent unauthorised access to your internal networks.
Software and operating systems should be regularly updated to fix known vulnerabilities.
Anti-malware software should be installed to protect your computers, important data and privacy.
User accounts should be assigned only to authorised individuals, be managed effectively, and provide the minimum level of access.
Computers and network devices should be configured to minimise vulnerabilities and provide only the services required.
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials includes a self-assessment
Cyber Essentials is right for you if:
You want a base-level security certification to demonstrate that you have key controls in place.
Cyber Essentials Plus
Cyber Essentials Plus includes a technical audit of the systems that are in scope for Cyber Essentials. It includes an external vulnerability assessment, an internal scan and an on-site assessment.
Cyber Essentials Plus is right for you if:
You are required to have a more in-depth audit of the key controls you have in place. Your employees work from remote locations, or third parties have access to your premises or IT.
Get Cyber Essentials certified with IT Governance
Our simple five-step methodology:
- Define the scope - Certification can apply to an organisation’s full enterprise IT or just to a subset. Either way, the scope needs to be clearly defined before the certification process can get underway.
- SAQ - The next step to certification is to complete the required SAQ. Once the SAQ has been completed, we review it before submission to check that it meets the requirements of the Cyber Essentials scheme. Successful applicants are issued their Cyber Essentials Certificate.
- On-site assessment - Organisations seeking certification to Cyber Essentials Plus will be required to go through a technical audit which includes a series of internal vulnerability scans and internal vulnerability tests of the system(s) in scope, and the SAQ.
- External scan - The external vulnerability scan of your Internet-facing networks and applications is used to verify that there are no obvious vulnerabilities. As the tests are external, they are performed offsite.
- Certification (Plus) - Once the on-site assessment, internal vulnerability scan and external vulnerability scan have been successfully completed and approved, you will be issued with your Cyber Essentials Plus Certificate.
Why choose IT Governance as your Cyber Essentials partner?
- One-stop shop - We provide all tools and resources needed to achieve certification at both levels of the Cyber Essentials scheme.
- End-to-end support - We deliver all the technical tests and assessments, conducted by our experienced technical testers.
- Tailored solutions - We have various packaged solutions available to support organisations with different levels of experience through the Cyber Essentials or Cyber Essentials Plus certification process.
- Unrivalled expertise - Having led ISO 27001 implementations since the inception of the Standard, we have the knowledge and insight to help you take the next steps beyond Cyber Essentials.
Speak to an expert
Please contact our team for advice and guidance on our Cyber Essentials products and services.