Cyber Essentials is changing on January 24th when the National Cyber Security Centre is introducing an updated set of requirements.
Indelible Data’s Managing Director Tony Wilson contributed to the changes and will lead a webinar on January 20th to help clients understand and meet the new requirements. Just 20 places are available and can be purchased here
This update is the biggest overhaul of the scheme’s technical controls since it was launched in 2014 and is in response to the evolving cyber security challenges facing organisations.
The update includes revisions to scoping, the use of cloud services, as well as home working, multi-factor authentication, password management, security updates and more.
The new version of the Cyber Essentials technical requirements is officially released on 24 January 2022. Any assessments already underway, or are purchased before that date, will continue to use the current technical standard, meaning that in-progress certifications will not be affected. Organisations using the current standard will have six months from 24 January to complete their assessment.
All Cyber Essentials applications starting on or after 24 January will use the updated version of requirements. We recognise that some organisations may need to make extra efforts when assessed against the new standards, so there will be a grace period of up to 12 months for some of the requirements.
An updated version of Indelible Data’s Cyber Essentials Guide – An in-depth look at passing first time, will be published on January 24th.
PRICE CHANGES ON JANUARY 24th
To reflect the increasingly complex nature of assessments for larger organisations, from 24th January 2022, Cyber Essentials will adopt a new tiered pricing structure.
While micro businesses and organisations will continue to pay the current £300 assessment charge, small, medium and large organisations will pay a little more, on a sliding scale that aims to better reflect the complexity involved in assessing larger organisations. Currently, all BRONZE assessments are charged at £300. However, the bigger and more complex the organisation, the longer it takes to review and feedback on the assessment.
The new structure – which adopts the internationally recognised definition for micro, small, medium and large enterprises – is shown in the table:
|Micro organisations (0-9 employees)||*£300 +VAT (3-5 day assessment)|
|Small organisations (10-49 employees)||*£400 +VAT (3-5 day assessment)|
|Medium organisations (50-249 employees)||*£450 +VAT (3-5 day assessment)|
|Large organisations (250+ employees)||*£500 +VAT (3-5 day assessment)|
*Prices shown do not include add-ons associated with SILVER and GOLD services.