What is Cyber Essentials?
Alex Martin, Business Development Manager at Cognisys, states that “Most organisations will, by now, have heard of Cyber Essentials”. For the benefit of those who have not, this may answer some of the questions on the matter.
Alex goes on to explain: “Cyber Essentials is a government-backed certification path. The certification was established to evidence businesses were securing their networks adequately. Created by the National Cyber Security Centre (NCSC) and launched in 2014, Cyber Essentials is now a widely recognised certification. Cyber Essentials was initially intended for organisations that provided services to government agencies. In more recent years it has been more widely used as a benchmark by the NHS and private sector alike.”
Alex informs us: “Cyber Essentials comes in two levels. Cyber Essentials and Cyber Essentials PLUS.
Cyber Essentials is easily attained through a simple self-assessment questionnaire. Once completed your certifying body partner will review the responses in line with the standard. As part of the review process your partner will provide feedback regarding whether you’re likely to pass or fail. If the result is likely to be a fail your partner will provide you with remediation advice. You will need to ensure that the remediation suggestions have been adequately fulfilled and the self-assessment questionnaire revised before resubmitting this to your Cyber Essentials certifying body.
Cyber Essentials PLUS encompasses the process above but adds a level of complexity. Additional onsite consultancy is required to attain the Cyber Essentials Plus certification. The onsite elements include reviews of policies, procedures, device builds, patch management and security solutions. These reviews are there to make sure that best business practices are being adhered to.”
As a bonus feature of gaining either level of Cyber Essentials, Alex mentioned that certified organisations also receive cyber insurance. Alex added: “Cyber Essentials certified organisations are provided with up to £25,000 worth of cyber insurance from AXA through the scheme. For small businesses this is a very nice feature.”
How Has Cyber Essentials Changed Recently?
Alex updated MYCCI by saying: “In October 2019 the NCSC re-tendered for accrediting bodies. The scheme had become diluted with 8 accrediting bodies. The NCSC decided that, in order to govern the process, a more standardised approach was required. The NCSC therefore concluded that the IASME standard was to become the de facto standard. This change will come into effect as of April 2020.”
Furthermore, Alex says: “The IASME standard also carries increased criteria that certifying bodies need to meet. In order to become an assessor the candidate needs to be certified to one of the following levels:
Being certified to one of these levels ensures that the person certifying you has an in-depth knowledge of cyber security, the policies and procedures you need to maintain and what emerging threats look like.”
What Can Cognisys Do To Help?
If you’re considering Cyber Essentials for your organisation, please email firstname.lastname@example.org with your contact details and an experienced member of the team will call you back to discuss your requirements.
Further details of our services can also be found on the website links below: