What is it?
The Cyber Essentials scheme is the UK cyber security standard developed by NCSC (National Cyber Security Centre - a subsidiary of GCHQ), which organisations can be assessed and certified against.
It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from Internet-based threats.
Why do you need it?
You may have been asked by your clients, or your bank, insurance company, suppliers, trustees, local government (e.g. for a tender or pre-qualification request) to obtain this (now almost pre-requisite) accreditation in order to do business or achieve compliance with them.
Which version do you need?
You need to know if they want you to achieve Cyber Essentials in its basic form or the ‘verified’ Cyber Essentials 'Plus'. Most organisations now want their suppliers to have the latter.
You can actually do the basic one yourself, but because it’s not ‘verified’ it's of little comfort to the people who want to know you take your cyber security seriously. It basically says: "I'm starting to make provision for improving my cyber security".
Where do I get it from?
Hold on! Before you go off and tell your IT supplier or internal IT department to "Get us certified!", a note of warning.
Most IT providers are not ‘Certification Bodies’ for Cyber Essentials basic or Plus, they have to go to somebody else (like us!) to do this for you and they also tend to approach it from a very ‘techy’ perspective, when it is actually more of a policy and standards approach.
The IT elements come later – as a direct result of the information security policy and security controls written specifically for YOUR business objectives and not an ‘applies to everyone’- 'off the shelf' software solution.
What should I do?
First of all, you want to achieve the Cyber Essentials basic certification by going through a Certification Body, costing you around £300+Vat.
Then you can start setting your sights on achieving Cyber Essentials Plus.
Cyber Essentials Plus can seem more daunting and it has been found that most people struggle to pass the first time if they attempt assessment without knowing what's really going on.
To try and combat this, at Cyber Tec we have developed a ‘Pre-Assessment’, which tells you what you need to put in place in order to ‘pass’ when the actual accreditation assessment is conducted.
The generated report gives you both the executive-level clarity of what is required, as well as the actual technical instructions to pass onto your IT guys - telling them what gaps they need to fill.
More importantly, you'll get unlimited time with an official auditor and security expert who will scan your systems as many times as needed to make sure you're completely prepared for assessment.
This route comes out less expensive and much more worthwhile than jumping straight into the deep end with the Cyber Essentials Plus assessment.