What is Cyber Essentials?
The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for companies of all sizes to help demonstrate to customers and other stakeholders that the most important cyber security controls have been implemented. The scheme provides five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”.
The Cyber Essentials scheme is changing
The CREST-accredited Cyber Essentials scheme is now closed to new entrants with effect from 1 April 2020. IT Governance is unable to accept new customers under the replacement scheme until contractual issues have been addressed. As soon as they have, we can process new Cyber Essentials certification applications. Thank you for your patience.
What are the five key security controls?
Secure your devices and software
Confirm that computers and network devices are properly configured in order to reduce the level of inherent vulnerabilities.
Secure your Internet connection
Confirm that only safe and essential network services can be accessed from the Internet.
Control access to your data and services
Confirm that user accounts are assigned to authorised individuals only.
Keep your devices and software up to date
Confirm that devices and software are not vulnerable to known security issues for which fixes are available.
Protect from viruses and other malware
Restrict the execution of known malware and untrusted software.
The benefits of Cyber Essentials
Protect against approximately 80% of cyber attack
Implementing the five controls correctly will help you protect your organisation against the majority of cyber attacks, whether or not you achieve certification.
Increase your chances of security business
Demonstrate your commitment to protecting both your own data and that of your clients and suppliers. Cyber Essentials certification will help boost your reputation and give you a better chance of winning contracts.
Work with the UK government and the MOD
You will need Cyber Essentials certification in order to bid for central government contracts that involve handling sensitive and personal information or providing certain technical products and services.
Reduce cyber insurance premiums
Cyber insurance agencies often look more favourably on organisations that have achieved Cyber Essentials certification.
For further information about the business benefits of achieving certification and to find out how Cyber Essentials can help guard you against cyber threats, download our free Cyber Essentials guide.
Your Cyber Essentials certification options
Cyber Essentials includes an SAQ (self-assessment questionnaire) and an external vulnerability scan. The certification process has been designed to be lightweight and easy to follow.
Cyber Essentials is right for you if:
- You’re looking for base-level security certification to demonstrate that you have key controls in place.
- Your employees are primarily office-based and their IT equipment is under your administration and typically does not leave your premises.
- You have physical and technical controls for restricting access for third parties, such as clients and suppliers visiting your offices.
Cyber Essentials Plus certification continues to offer a simple approach to cyber security. The protections you need to have in place are the same, but it includes an additional internal scan and an on-site assessment.
Cyber Essentials Plus is right for you if:
- A client has specifically requested you achieve Cyber Essentials Plus.
- Your employees work from remote locations, such as home or client sites, and your IT equipment is often outside of your premises.
- Your business has multiple third parties with access to your premises or IT as visitors, partners, or in a shared office environment.
Why choose IT Governance for Cyber Essentials certification?
- By choosing a CREST-accredited certification body such as IT Governance, you will receive the added benefit of having your cyber security status independently verified through an external vulnerability scan.
- You can conduct the entire certification process online, without any expert cyber security knowledge, via our Cyber Essentials portal.
- We deliver all the technical tests and assessments, which are conducted by our experienced, CREST-accredited testers. We do not outsource any of the services required to achieve certification.
- We provide all the tools and resources needed to achieve CREST-accredited certification at both levels of the Cyber Essentials scheme.
Free guide: Cyber Essentials: A guide to the scheme
Reassure customers that you take cyber security seriously. Download this free guide to learn everything you need to know about the Cyber Essentials scheme and how to get started.
- Learn about the five controls and the specific requirements of the scheme.
- Discover what is and is not in scope.
- Learn how to become CREST-certified .
- Find solutions that meet your requirements.
Speak to an expert
Please contact our team for advice and guidance on our Cyber Essentials products and services.