The Cyber Essentials scheme is a fantastic way to improve your cyber security defences while assuring your customers and partners that you take cyber security seriously. Level 1 of the Cyber Essentials standard consists of a self-assessment in which you’ll confirm that your organisation has all the appropriate controls in place. An organisation has two options: it can either complete the self-assessment internally or work with an experienced certification body throughout the process.
With Level 2, which is Cyber Essentials Plus, unlike with the self-assessment version, a certification body must perform an audit to check that you’ve successfully met all five technical controls. The specifications needing to be met can raise many unknown questions regarding your organisation’s current security health. However, by opting for the audited Cyber Essentials standard, you can feel confident as a cyber security focused company will support you throughout the process and verify your answers.
With the help of the Data Connect team, you can rest assured that the certification process will be transparent and smooth.
Cyber Essentials is a government-backed scheme that outlines the five technical controls an organisation must have to ensure an effective level of security. The technical controls are firewalls, secure configuration, user access control, malware protection and patch management. The National Cyber Security Centre (NCSC) has assured organisations that, with Cyber Essentials, the most common cyber attacks can be prevented.
As the threat landscape evolves, the technical requirements can be updated by the two governing bodies, the NCSC and IASME, to reflect new security vulnerabilities. An organisation needs to reapply for the Cyber Essentials certification every 12 months, which validates that your current security protocols are effective in the current threat landscape.
Some organisations have the internal resources and experience to carry out the self-assessment process confidently and without guidance. If you choose this approach, you can select a trusted certification body to assess your completed questionnaire.
The Cyber Essentials Review Toolkit gives you a comprehensive set of tools and ongoing support from our cyber security experts throughout the year. Our technology and consultancy will simplify the certification process and ease your recertification for years to come.
At Data Connect, Cyber Essentials is more than ticking a box. We use the certification journey to understand your organisation’s challenges and IT environment, helping you understand the complex nature of current threats and keeping you on track for future compliance recertifications.
Please answer the following questions and complete the contact form to submit. A member of our team will be in touch shortly.
There are two governing bodies that oversee the standard, the NCSC and IASME. The National Cyber Security Centre (NCSC) was established in 2016 as a single point of contact for SMEs, larger organisations, the general public and government agencies.
Five companies, including IASME, worked with the government to create Cyber Essentials after a ‘call to evidence’. While the goal of the scheme hasn’t changed since it was launched in 2014, the structure of the certification has. In April 2020, IASME became the sole partner to the NCSC for Cyber Essentials. IASME regulates the scheme’s certification bodies who have to pass assessments and comply with strict procedures. We are proud to be a certification body for Cyber Essentials, Essentials Plus and IASME Cyber Assurance.
The Cyber Essentials Plus audit is an independent verification of the controls to which you will attest to within the Cyber Essentials questionnaire. The auditor will run tests on a sample set of devices for which your end users should be present and should run the tests under the guidance of the assessor. So long as the questionnaire has been answered correctly, your organisation should be able to pass the Cyber Essentials Plus standard.
This can vary dependant on the organisation. However by working with Data Connect we optimise the certification process by checking your technical controls and sorting out any issues before the Cyber Essentials Plus audit.
There are five core technical controls which include secure configurations, security updates, boundary firewalls and internet gateways, access controls and malware protection.
Yes due to Cyber Essentials being an internationally recognised standard. We have helped many international organisations achieve Cyber Essentials. In many cases, these businesses wanted to increase credibility within the UK market.
By working with Data Connect, you can be confident that your organisation is in the right hands. You'll be given a dedicated account manager who will continue to work with you. This means that they will be invested in you and your organisation, checking in and reminding you of future renewal dates.
Additionally, you can subscribe to our vSOC CERT (Cyber Essentials Review Toolkit) service, which allows you to check whether you are Cyber Essentials compliant throughout the year. You will have access to a range of benefits and powerful tools, while streamlining recertification.