Do I Need Cyber Essentials or Cyber Essentials Plus?

Written by Sam Jones
Jul 3, 2019 - 3 minute read

Struggling to get to grips with Cyber Essentials or Cyber Essentials Plus? - Here's what you need to know and why people are asking you to get it...

New call-to-action

What is it?

The Cyber Essentials scheme is the UK cyber security standard developed by NCSC (National Cyber Security Centre - a subsidiary of GCHQ), which organisations can be assessed and certified against.

It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from Internet-based threats.

Why do you need it?

You may have been asked by your clients, or your bank, insurance company, suppliers, trustees, local government (e.g. for a tender or pre-qualification request) to obtain this (now almost pre-requisite) accreditation in order to do business or achieve compliance with them.

Which version do you need?

You need to know if they want you to achieve Cyber Essentials in its basic form or the ‘verified’ Cyber Essentials 'Plus'. Most organisations now want their suppliers to have the latter.

You can actually do the basic one yourself, but because it’s not ‘verified’ it's of little comfort to the people who want to know you take your cyber security seriously. It basically says: "I'm starting to make provision for improving my cyber security".

Where do I get it from?

Hold on! Before you go off and tell your IT supplier or internal IT department to "Get us certified!", a note of warning.

Most IT providers are not ‘Certification Bodies’ for Cyber Essentials basic or Plus, they have to go to somebody else (like us!) to do this for you and they also tend to approach it from a very ‘techy’ perspective, when it is actually more of a policy and standards approach.

The IT elements come later – as a direct result of the information security policy and security controls written specifically for YOUR business objectives and not an ‘applies to everyone’- 'off the shelf' software solution.

What should I do?

First of all, you want to achieve the Cyber Essentials basic certification by going through a Certification Body, costing you around £300+Vat.

Then you can start setting your sights on achieving Cyber Essentials Plus. 

Cyber Essentials Plus can seem more daunting and it has been found that most people struggle to pass the first time if they attempt assessment without knowing what's really going on. 

To try and combat this, at Cyber Tec we have developed a ‘Pre-Assessment’, which tells you what you need to put in place in order to ‘pass’ when the actual accreditation assessment is conducted.

The generated report gives you both the executive-level clarity of what is required, as well as the actual technical instructions to pass onto your IT guys - telling them what gaps they need to fill.

More importantly, you'll get unlimited time with an official auditor and security expert who will scan your systems as many times as needed to make sure you're completely prepared for assessment.

This route comes out less expensive and much more worthwhile than jumping straight into the deep end with the Cyber Essentials Plus assessment. 

Still have unanswered questions about Cyber Essentials or Cyber Essentials Plus?

Check out our Ultimate Guide to Cyber Essentials our comprehensive guide to understanding the scheme inside and out.

Topics: UK, Cyber Essentials, Cyber Essentials Plus, Cyber Security, SME

author

More by Sam Jones

Related articles
Cyber Essentials Checklist: Are You Cyber Essentials Ready?

Do you have what it takes to pass Cyber Essentials Plus? Read on as we walk through the key technical requirements on your Cyber Essentials checklist...

Top 5 Supply Chain Security Best Practices

We know how important suppliers are to a thriving business, but not at the cost of a cyber attack. Read on for some Supply Chain Security best practices...

NEW Partnership with the Police Digital Security Centre

The Police Digital Security Centre is partnering with Cyber Tec Security, in a move designed to encourage UK SME’s to invest in their cyber security.