Cyber Essentials as a Service
What is Cyber Essentials?
Demonstrates to the outside world that your organisation takes IT security seriously and is open for secure business.
The full scheme, launched on 5 June 2014, enables organisations to gain one of two Cyber Essentials badges. It is backed by industry including the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses. Cyber Essentials is suitable for all organisations, of any size, in any sector.
Five reasons to have Cyber Essentials certification
Reassure vendors, clients and future customers that you have a secure IT infrastructure.
Helps with frameworks you have in place for General Data Protection Regulation (GDPR).
Some government contracts, and other organisations that already have the certification, will require their partners to also have Cyber Essentials certification.
You have an understanding of your organisation’s cyber security level.
Helps your organisation fight against common cyber threats.
Why Cyber Essentials as a Service?
Instead of both parties facing a single annual cost and round of administration work, we spread the work and cost over 12 months. More importantly, maintaining and incrementally improving IT security throughout the year is a sounder working practice than a big bang approach.
What does it include?
- Cost of certification
- Extra security checks throughout the year
- Documentation and audit of checks
- Additional security services
- Automatic renewal of certification the following year
What is involved with Cyber Essentials?
We ensure ongoing, bite-sized learning that builds your staff’s knowledge in core security areas while mapping your organisation’s overall risk based on regular phishing testing, dark web monitoring and policy communications.
Q1 - Evaluate & Certification
On average, we aim to have new clients achieve their first certification within 1 month.
Existing clients can expect a quicker result, as by default you will be following many of the best practices outlined by Cyber Essentials.
Q2 - Audit
Firewall audit and external scanning
Software audit
User account audits
Password changes and 2FA checks
Q3 - Improve
Device and computer audit
Advanced software patching
Firmware updates on key systems
Internal network scans
Q4 - Annual Certification
Review of security services
Renewal of certification
What is Cyber Essentials Plus?
Cyber Essentials Plus is the highest level of certification, requiring a more thorough examination of a company’s cyber security systems to guard against hacking and phishing attempts.
The assessment proceeds as follows:
- Internal Vulnerability Analysis
- Evaluation of external vulnerability
- User Access Controls Evaluation
- Browser download evaluation
- Email testing
Cyber Essentials Plus comprises the same questions as the standard accreditation, including an internal scan and on-site evaluation.
This involves the assessor checking the security of a random sample of the organisation’s systems, devices, and servers.
The Cyber Essentials Plus evaluation also offers clients a comprehensive report outlining the findings and adjustments that must be addressed before certification can be granted.