Cyber Essentials

Cyber Essentials

Cyber Security

Cyber Essentials Scheme

The Cyber Essentials scheme is a UK Government backed cyber security initiative that aims to provide a standardized approach for businesses to assess security risks and show a commitment to the protection of the personal data of its customers and all stakeholders they relate with.

The scheme defines a series of technical and procedural controls to mitigate the risks associated with cyber threats.

There are two levels of certification:

Cyber Essentials

This requires organisations to complete a self-assessment questionnaire and the responses are reviewed by an external certifying body.

What are the benefits of Cyber Essentials

Cyber Essentials consists of five key controls which, when implemented, help to secure your organisation against cyber-attacks. These are:

Securing access to network services
Configuring your systems to reduce vulnerabilities
Ensure access to your data and services is assigned to authorised users only
Using and maintaining virus and malware protection
Keeping your applications up-to-date with necessary patches and security fixes

Organisations can defend against the most common form of basic cyber-attacks originating from the internet by deploying the above controls hence preventing to illegitimate access to their systems.

Once passed, you’ll be able to display the Cyber Essentials logo on your website and marketing literature to demonstrate to your customers, suppliers, investors and stakeholders that your organisation is taking steps to protect against common cyber threats and take cyber security seriously.


Cyber Essentials Plus

This is a test of the organisation’s systems are carried out by an external certifying body.

Cyber Essentials Plus offers businesses the opportunity to take their security to the next level and cannot be undertaken without first being Cyber Essentials certified.

Cyber Essentials Plus is aimed at businesses with a more complex IT infrastructure and by achieving it, you can reassure and demonstrate to your customers that you have a higher level of commitment to security, which will further increase their confidence in your business.

To complete the Cyber Essentials Plus accreditation, you will also need to pass a final technical audit.

What are the benefits of Cyber Essentials Plus?
Customers Assurance
A recent industry survey found more than that 80% of businesses wanted to reassure their customers that they were taking a proactive approach to cyber security - this is a leading reason for certification to an industry accreditation such as Cyber Essentials Plus. Organisations who are awarded Cyber Essentials and Cyber Essentials Plus certification are provided with a certificate from the Accreditation Body and a logo toolkit which allows the Cyber Essentials logos to be used on the organisation’s website and in company documentation.
Competitive advantage
Your organisations demonstration of due diligence towards security and data protection requirements puts your company in an advantageous position when bidding for new contracts and responding to RFI/RFPs.
It is a partnership
To ensure your business continues to uphold the highest standards of IT security, the Cyber Essentials Plus certification must be renewed once per year.

A step by step approach

Step I: Questionnaire completion
Cyber Essential Plus is a phased process. The first step requires you to complete a self-certification questionnaire. Our team of experienced consultants are always on hand to with the initial paperwork.

Step II: Full infrastructure audit
The second phase of the compliance process sees our consultants analysing your network resources and protections to verify they match the answers provided in the questionnaire. We will also identify vulnerabilities that need to be addressed.

Step III: In depth testing
A technical audit of the systems that are in-scope for Cyber Essentials is conducted to ensure it meets the required standard. We will also assess your employees to ensure they can demonstrate an appropriate level of awareness of how to store and handle sensitive data correctly.