What Is Cyber Essentials Certification And Why Is It Important?
Cyber essentials is a UK Government certification scheme that provides assurance to clients, suppliers, and other stakeholders that an organisation has taken basic cybersecurity hygiene measures. The certification covers five technical controls that address 80% of the most common cyber threats.
What Is Cyber Essentials?
A UK Government-backed framework, supported by the National Cyber Security Centre (NCSC), the Cyber Essentials Certification scheme ensures that an organisation has established basic safeguards to fight most common cyber attacks. Specifically, Cyber Essentials test for the presence of firewalls, secure configuration settings on devices and software, user access control and patching.
IT Governance offers a number of affordable certification packages that allow organisations of all sizes to gain their Cyber Essentials certificate. The self-assessment option is quick and easy to complete while the Plus package requires an external vulnerability scan to be conducted by a CREST accredited assessor.
Why Is This Certification Important?
It ensures that you meet Government contact requirements – The Ministry of Defence requires all organisations who work directly with them to be a Cyber Essentials certified. Gain more business opportunities as clients will be confidence to work with you if you are committed to cybersecurity.
The process starts with a self-assessment questionnaire and a technical assessment conducted by a regulated Cyber Essentials Certification body. If the questionnaire and technical assessment are passed, you will receive proof that you meet the five security controls.
What Is Being Tested In The Process?
The Cyber Essentials scheme focuses on the five basic security controls that, when implemented properly, protect against most common cyber attacks. These controls are based on UK research into the most successful and widespread attack methods used by criminals.
The assessment is designed to be quick and easy, so that even organisations with limited technical resources can achieve certification. It involves a self-assessment questionnaire, an external review of that questionnaire and a perimeter vulnerability scan by a certifying body.
It also includes recommendations and areas for improvement to help businesses further improve their cybersecurity posture. This is important because threats are constantly evolving and becoming more sophisticated.
How Can You Achieve Cyber Essentials?
The Cyber Essentials process has been designed by the Government to be light-weight and easy for any organisation to implement. You first need to choose a Certification Body that you want to manage your Cyber Essentials assessment, they will then send you the questionnaire which you complete online. This is then reviewed and an external vulnerability scan of your internet facing IP addresses will be carried out.
Upon successful certification, your Certification Body will then issue you with a certificate. This is valid for one year and needs to be renewed annually.
URM works with a number of Certification Bodies including Cyber Tec Security who can manage your application from start to finish, or for those organisations that already have completed their self-assessment, a half-day gap analysis is available where our assessor will walk you through the questions and explain the intent behind the answers so you understand why something may be acceptable or not.