
Cyber Essentials – Your Questions Answered

Crest IT - Cyber Essentials
This month we shine the spotlight on our Cyber Essentials services and how we can help businesses be cyber secure and achieve one or both levels of Cyber Essentials accreditation.
 
We sat down with our IT Account Manager, Hannah Burgin, to discover what questions she is being asked about the assessment process for Cyber Essentials Basic and Cyber Essentials Plus.
 

Q: What is the Cyber Essentials accreditation? Cyber Essentials is a UK Government-supported programme that helps businesses, regardless of their size, protect themselves from cyber-attacks. It’s an effective way to shield your business from common cyber threats whilst demonstrating to your customers that you are serious about safeguarding your digital assets. It’s a win-win situation where you enhance your defences and highlight your commitment to cybersecurity.

 

Q: What’s the difference between Cyber Essentials and Cyber Essentials Plus? When you obtain the Basic Cyber Essentials accreditation, it means that you’ve demonstrated, through the assessment, that your business has effectively safeguarded itself against a range of prevalent cyber-attacks. This certification is not only a testament to your proactive defence measures, but also signifies that you have robust processes in place to respond to cyber-attacks and deter potential future attempts. It’s a strong indicator of your commitment to cybersecurity and preparedness in the face of evolving digital threats.

With Cyber Essentials Plus, you still get that trademark simplicity of approach that Cyber Essentials is known for. The essential protections you need to implement remain the same. However, the difference lies in the fact that Cyber Essentials Plus goes a step further. It involves a hands-on technical verification process to ensure that the security measures you’ve put in place are effectively working. It’s like a thorough check-up to give you added confidence in your cybersecurity defences.

 
Q: Are Cyber Essentials and Cyber Essentials Plus accreditation mandatory? The short answer is no. However, it is becoming more and more commonplace for businesses to be asked by their customers, new and existing, what their cyber security policies are.
 
The UK Government and some organisations operating within the public sector now require that suppliers and businesses responding to Invitations to Tender hold these accreditations as proof of their cyber security commitment.
 
Our recommendation is to get ahead of the game and undertake the audit now and manage it in your own time, rather than needing an assessment and accreditation in a hurry when you are asked by a potential client.
 
Q: How long does the accreditation last? As with most audited accreditations, the Cyber Essentials and Cyber Essentials Plus certifications are valid for 12 months from the issue date. Having an annual review ensures that your business is kept fully up to date.
 
Q: Do I need to have Cyber Essentials Basic before I apply for Cyber Essentials Plus?  Yes, you do, and the Cyber Essentials Basic assessment can be taken as part of the Cyber Essentials Plus process.
 
Businesses that already have their Cyber Essentials Basic can undertake the Cyber Essentials Plus within 3 months of their certification.
 
Q: Is there a directory of businesses that hold Cyber Essentials Basic and Cyber Essentials Plus certificates? Yes, there is a certificate search facility on the IASME website.
 
Q: Do Cyber Essentials Basic and Cyber Essentials Plus help with being compliant under UK GDPR regulations? Yes, definitely. The Information Commissioner’s Office (ICO), the UK Government agency responsible for data protection and for investigating data security breaches, advises the Cyber Essentials Basic and Cyber Essentials Plus certifications for all businesses as evidence that they take cyber security seriously.
 
It’s worth noting that the ICO will consider it fraudulent if declarations of compliance have been made without evidence, and it has the power to prosecute business directors accordingly, which could result in fines and potentially a custodial sentence. This is why business directors have to be involved and sign off assessments, rather than it being seen as just the responsibility of the IT department.
 
Q: Who undertakes the assessments? The Cyber Essentials Basic Certificate involves a self-assessment process; however, the Cyber Essentials Plus Certificate requires an independent third-party government qualified certification body.
 
Q: What is the cost for the certifications? The cost of certification depends on a number of factors. If you would like more information about the pricing structure for certification for your organisation, please contact us.
 
For more information, contact Hannah or the Crest IT team, or look at our list of further reading options below.

*Please note we cannot be held responsible for the content on 3rd party sites.
