The Cyber Essentials scheme defines a security standard which organisations can be certified against. It identifies five key security controls that work together to mitigate 80% of common cyber-attacks.
Designed to encourage the implementation of fundamental security elements, this government-backed certification presents a starting point that validates a basic level of security, suitable for all organisations in all sectors.
Cyber Essentials – This level of certification is awarded on the basis of a completed self-assessment questionnaire. This evaluates your processes against five basic security controls:
On completing the questionnaire, our team will verify your answers by conducting:
After this process a full report will be generated containing the details of what was discovered. The report will demonstrate clearly whether you have passed or failed and what measures must be taken in remediation. A consultant will be available to advise you if required.
Cyber Essentials Plus – This level offers a higher level of assurance. It contains the same elements as Cyber Essentials evaluating your processes against five basic security controls:
Then extends the assurance, testing that the five key controls are working in practice by simulating a phishing attack and a build review of representative workstations and mobile devices. This additional phase of testing increases the validity of certification considerably by providing evidence of compliance.
Nearly three-quarters of SMEs reported a security breach last year – and by implementing the security controls that Cyber Essentials promotes, your business will be in a better position to protect against these attacks.
Find out how Cyber Essentials can help and protect from you from emerging cyber threatsGET IN TOUCH
The scheme provides a metric against which organisations can measure the maturity of their security posture. Successful completion provides a certificate and digital assets for marketing. This can be used to demonstrate to customers and business partners that compliance has been attained in line with industry recognised standards.
Cyber Essentials has been developed as part of the UK’s National Cyber Security Programme and in close consultation with industry. It was created for organisations of all sizes and sectors to ensure that they are taking the correct steps to protect themselves from cyber-crime.
It is not limited to companies in the private sector, but is applicable to universities, charities and public sector organisations. By deploying these controls, organisations demonstrate that cyber security is being addressed effectively and that they meet eligibility requirements for certain government and MOD supply chain contracts.
Selected by industry experts, the technical controls within the scheme reflect those covered in well-established standards, such as the ISO/IEC 27001 series, the Information Security Forum’s Standard of Good Practice for Information Security and the Standard for Information Assurance for Small and Medium Sized Enterprises.