What is Cyber Essentials?

Cyber Essentials is a simple yet effective, Government-backed scheme that will help protect your organisation, regardless of size, against a range of the most common cyber threats.

Many cyber attacks look for vulnerabilities in your systems.  Cyber Essentials helps ‘bolt the doors and lock the windows’.

The scheme is owned by the National Cyber Security Centre (NCSC).  In April 2020, the IASME Consortium (IASME) became the NCSC Cyber Essentials Partner for delivery of the Cyber Essentials scheme.

Why should I look at certifying to Cyber Essentials?

  • The threat of cyber attack is ever present. Most attacks are low-level and unsophisticated, yet they can prove extremely damaging and expensive for the victim.  They may be targeted directly at you, or they may be general attacks that target vulnerabilities which may lie within your system.

Cyber Essentials is based on proven controls which, when implemented, can help protect your business and your reputation.

  • The certification shows your customers that you take cyber security seriously and that you have implemented fundamental core controls to protect your business and your clients’ valuable data.
  • Many contracts, Government and, increasingly, private sector, mandate or actively encourage Cyber Essentials.
  • It can help secure your business as required by Data Protection legislation.

My business holds sensitive data, how can Cyber Essentials assist with the requirements of Data Protection legislation?

The Data Protection Act enacts the General Data Protection Regulation.  The legislation requires that data must be processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures.

The Information Commissioner’s Office recognises Cyber Essentials and has produced ‘A practical guide to IT security’.  Section 2 of that guide is titled ‘Get in line with Cyber Essentials’.

In addition, in 2020, the ICO issued a £500,000 fine to Cathay Pacific Airways Ltd.  In its summing up, the ICO Director of Investigations said, ‘At its most basic, the airline had failed to satisfy four out of five of the National Cyber Security Centre’s basic Cyber Essentials guidance.’

How can I apply for the Cyber Essentials Certification?

Cyber Essentials comes at two levels, self-assessed and Plus.

The self-assessed option is the first level.  An assessment is completed through a portal, and the answers are signed as true by a Director or owner manager before being submitted for verification by an independent assessor.

The cost of the actual certification for the self-assessed option is no more than £300 and can be completed by the applicant organisation itself.  If more support is required, a third party, such as one of IASME’s licensed Certification Bodies, can help.

For Cyber Essentials Plus, a qualified assessor examines and tests the controls in place via a technical audit.  As the cost of Cyber Essentials Plus can vary depending on factors such as organisation size and number of devices, organisations should request a quote.  Quotes can be sourced through the IASME website.

Can I complete the Cyber Essentials self-assessed option myself?

Yes.  A copy of the questions can be downloaded free of charge via the IASME website.  This question set will allow you to perform a gap analysis ahead of the actual assessment.  It will also allow you to assess if you require additional help and support.

The actual assessment must be completed via a portal.  If you wish to apply direct, without any third-party support, you can apply here.

Where can I get more information?

There are a number of places that you can get more information.  These include:

The National Cyber Security Centre (NCSC) website.

The IASME website.

By contacting an IASME Certification Body.  You can find your nearest Certification Body here.

Or please email marketing@iasme.co.uk, including ABDO in the title bar.