Cybercrime is an increasing concern for all organisations, regardless of size. To help any organisation attain a baseline level of cybersecurity and to help them to reduce the risk of becoming a victim of the most common cyber-attacks, in June 2014, the UK Government launched The Cyber Essentials Scheme. Baigent’s Information Security Services has been a Cyber Essentials Certification Body since 2014. Based in Hampshire they can assess and certify business of all sizes anywhere in the UK, even remotely.
What is Cyber Essentials?
Achieving the Cyber Essentials certification means that an organisation’s IT systems meet a certain level in the five following controls:
- Boundary Firewalls and Internet Gateways – these are devices designed to prevent unauthorised access to or from private networks. Good setup of these devices is essential for them to be fully effective.
- Secure Configuration – ensuring that systems are configured in the most secure way for the organisation’s needs.
- Access Control – ensuring only those who should have access to systems have access and at the appropriate level.
- Malware Protection – ensuring that virus and malware protection is installed and is up to date.
- Patch Management – ensuring that the latest supported version of applications is used and all the necessary patches supplied by the vendor have been applied.
Two Levels of Certification:
Cyber Essentials – is the basic level where a self-assessment questionnaire is completed, and an external certifying body reviews the responses.
Cyber Essentials Plus – demonstrates a higher level of assurance as vulnerability tests are conducted on the organisation’s systems by an external certifying body (Baigent’s Information Security Services Ltd) moderated by IASME Consortium.
Key Cyber Essentials Benefits:
- Demonstrates to customers that your business takes cybersecurity seriously.
- Helps to ensure your business complies with Art. 32 GDPR “Security of processing” and Data Protection Act 2018
- Provides some clarity on the essential security controls your business needs to have in place.
- Identifies areas within organisations where there is room for improving existing security controls.
- Automatic cyber liability insurance for UK domiciled organisations with less than £20m turnover who pass the assessment (terms apply).
- A good start for building up to a more comprehensive information assurance management system such as the IASME Governance standard or ISO27001.
- Get the edge on your competitors – from 1st October 2014, the UK Government requires that all suppliers bidding for certain sensitive and personal information-handling contracts be certified against The Cyber Essentials Scheme.
- Required for Ministry of Defence (MoD) supply chain contracts under Defence Cyber Protection Partnership (DCPP) for levels of cyber risk very low to high.
- Can be used to demonstrate information security requirements to HMRC for Authorised Economic Operator (AEO) applications.
How to get the Cyber Essentials Certification
Cyber Essentials:(Self Assessment) Cost £300 exVAT 1
Client self assessment submission via the online portal. Following submission, the questionnaire is then verified by us and if successful report and certificate issued.
Cyber Essentials:(Assisted) Costs from £550 exVAT 1
Baigent’s Information Security Services Ltd. provide a personalised service that begins with an on-site consultation to prepare your organisation for the Cyber Essentials certification process. We will provide advice and guidance on completing the self-assessment questionnaire and will make recommendations for any measures that you need to implement to meet the appropriate requirements. 2 Following submission, the questionnaire is then verified by an independent Certification Body. Includes Cyber Essentials:(Self Assessment) Cost £300 exVAT
Cyber Essentials Plus: Costs from £1400 exVAT 1
Offers a higher level of assurance through the external testing of the organisation’s cyber security. The Cyber Essentials Plus is as above but has the added benefit of a comprehensive vulnerability scan and health check. 2 During this process, you may be advised to take further action on what measures you may need to take to resolve issues before achieving the certification.
Please be aware that you may be required to take corrective/preventative measures, which might include, but not limited to, purchasing, upgrading or installing security software and equipment that your business may not already have in order to comply with current best practices and standards. You may also need to improve internal procedures, practices, policies and other documentation to gain certification. ↩ ↩2 ↩3