Cyber Essentials and Cyber Essentials Plus

cyber-essentials-logo-high-res

hm_government_logo-svg

SecureArm provides Certified Consultants for the Cyber Essentials scheme which is a Government-backed and industry supported scheme to assist and guide businesses in protecting themselves against cyber threats.

The Cyber Essentials scheme provides businesses with clarity on good, basic cyber security practice. By focusing on basic cyber hygiene, your company will be better protected from the most common cyber threats and aims to reduce common threats by 80%.

Cyber Essentials is for all organisations, of all sizes, and in all sectors – we encourage all to adopt the requirements as appropriate to their business. This is not limited to companies in the private sector, it is also applicable to universities, charities, and public sector organisations.

Cyber Essentials is mandatory for all government contracts which involve handling personal information and providing certain ICT products and services.

There are two levels of certification:

cyber_essentials_badge_high_res-copy

Cyber Essentials

Cyber Essentials certification is awarded on the basis of a verified self-assessment. An organisation undertakes their own assessment of their implementation of the Cyber Essentials control themes via a questionnaire, which is approved by a senior executive such as the CEO. This questionnaire is then verified by an independent Certification Body to assess whether an appropriate standard has been achieved, and certification can be awarded.

cyber_essentials_plus_badge_high_res

Cyber Essentials Plus

Cyber Essentials Plus offers a higher level of assurance through the external auditing by the certification body of the organisation’s cyber security approach.

Given the more resource intensive nature of this process, Cyber Essentials Plus costs more than the foundation Cyber Essentials certification

The Cyber Essential scheme focuses on Internet-originated attacks against an organisation’s IT system. Many organisations will have particular additional services, e.g. web applications, that will require additional and specific controls beyond those provided by Cyber Essentials. Cyber Essentials concentrates on five key controls.

These are:

Costs

Cyber Essentials package - from £900, this includes

  • A half-day onsite consultancy with an authorised Cyber Essentials Consultant.
  • A full report detailing all areas of the certification that are likely to require additional non-technical work (i.e. production of procedures, paperwork, and evidence gathering).
  • A summary outline of the technical work that may be required prior to submitting for approval.
  • A pre-paid voucher to use within 6 months to obtain the certification.
  • A management summary detailing observations with additional advice to reduce security concerns.

Additional consultancy can be purchased at £100 per hour to assist with non-technical evidence gathering.

Annual re-certification package £500, this includes:

  • A two-hour onsite consultancy with an authorised Cyber Essentials Consultant to confirm conformity prior to submission to the certification body.
  • A pre-paid voucher to use within 6 months to obtain the certification.

The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable. It is mainly applicable where IT systems are primarily based on Common-Off-The-Shelf (COTS) products rather than large, heavily customised, complex solutions.

The main objective of the Cyber Essentials assessment is to determine that your organisation has effectively implemented the controls required by the Scheme, in order to defend against the most common and unsophisticated forms of cyber-attack.

The completed questionnaire attests that you meet the Requirements of the Cyber Essentials Scheme, which must be approved by a Board member or equivalent, and will then be verified by a competent assessor from Securious (the Certifying Body).

Such verification may take a number of forms, and could include, for example, a telephone conference. The verification process will be at the discretion of Securious.

Contact us today to find out more.

If you don’t act now you could face a very large fine

We are here to help and guide you through the new government regulations

0800 195 3838

From our Twitter feed