Cyber Essentials Plus Certification

 

Cyber Essentials Plus is achieved by downloading the scope and quotation form which will help us to assess the costs involved in performing an on-site (or remote) vulnerability assessment.

Before the assessment takes place, you must submit responses on the Cyber Essentials portal to achieve Basic level (or have achieved Basic level no more than three months before achieving Plus). A login would be sent to you as part of the Cyber Essentials Plus process and the cost of assessment and Certification at Basic level would be included with Cyber Essentials Plus.

What is Cyber Essentials?

Cyber Essentials has been developed as part of the UK’s National Cyber Security Programme and aims to encourage businesses of any size to take steps towards achieving a baseline of cyber security.

It is believed that implementing the required controls could shield companies from up to 80% of the common threats from the internet.

Adopting Cyber Essentials has become a major requirement to win business in many sectors. For example, the government requires certain suppliers bidding for some contracts to be Cyber Essentials certified.

The scheme is applicable all private sector organisations, universities, charities, and public sector organisations. It is backed by industry including the Federation of Small Businesses, the CBI.

A company can gain the relevant Cyber Essentials badges: “Cyber Essentials” and “Cyber Essentials Plus”. These badges allow a company to advertise the fact that it adheres to a government endorsed standard.

Cyber Essentials Certification is achieved after a self assessment is submitted for review to a Certification Body with the approval of a senior director, stating that all the criteria has been met.

The key areas include secure configuration of firewalls and other devices capable of connecting to the internet, user access control, use of anti-virus software and the need to keep operating systems and programs up to date.

Cyber Essentials Plus requires the company to pass an onsite or remote vulnerability assessment performed by the Certification Body.