What is Cyber Essentials?
Cyber Essentials is a government-backed certification scheme to help organisations protect themselves against common types of attacks. As well as protecting your organisation against 80% of common cyber-attacks, it also demonstrates to your customers, prospects and partners that you have considered security and implemented controls to safeguard your business.
It is a mandatory requirement for government contracts and is expected to become a prerequisite for a broader range of both public and private sector tenders. There are two levels of certification to consider.
The difference between Cyber Essentials and Cyber Essentials PLUS
There are two levels of certification:
- Cyber Essentials
- Cyber Essentials PLUS
Cyber Essentials should be seen as a step in the right direction for businesses, but it is more of a starting framework. Cyber Essentials PLUS has the same requirements as Cyber Essentials, but also requires an independent assessment of the technical security controls in place and a vulnerability scan to identify risks such as unpatched or unsupported software and incorrect configurations. As such, Cyber Essentials PLUS is held in higher regard.
The process for Cyber Essentials certification
- Pre-assessment scoping call
- You answer a series of questions
- We remotely verify your answers and seek clarity where needed
- We conduct an external vulnerability scan of your systems
- We verify the compliance status of any third parties you use
- An interim report is issued
- All remediation points must be addressed within a 4-week window
- We issue the Cyber Essentials report and certification (if applicable)
- We also provide telephone and email support
The process for Cyber Essentials PLUS certification
- Successfully complete Cyber Essentials
- Confirm scope of intended certification
- Pre-assessment scoping call
- We carry out a thorough onsite audit of your security controls
- We conduct an internal vulnerability scan of your systems
- An interim report is issued
- All remediation points must be addressed within the 4-week window
- We will issue a report and Cyber Essentials PLUS certification (if applicable)
- We also provide telephone and email support
Business Benefits
Implementing this framework will help your business to:
- Deliver cost-effective assurance for your business;
- Achieve a mandatory framework for government contracts;
- Mitigate 80% of the risks faced, such as malware infections, social engineering attacks, and hacking;
- Safeguard commercially sensitive data, reduce the chance of disruption, and prevent loss of profits and damage to your brand and reputation;
- Have cyber liability insurance cover – free when you pass the assessment and meet the criteria (terms apply).
Why 2|SEC Consulting?
- We are an approved certifying body under both CREST and the IASME schemes;
- We will be on hand to help you overcome any challenges as you complete the self-assessed questions;
- We will also identify any vulnerabilities as we review your ongoing responses to the questions;
- We have vast experience of working with a number of cyber security industry standards;
- We are certified by the leading standards bodies including CREST, QSA, PCI DSS, PA-QSA, IASME, CHECK, CISSP, CISA, CISM, OSCP, SANS-GIAC, and CEH.
Do you deliver services to Government organisations?
“The level of service received has been consistently high and we will continue to approach 2|SEC Consulting for future projects. We have been happy working with them, being guided through the process from scope definition to execution and final reporting. Due to the nature of the business, we’ve had to work to extremely tight deadlines and they have been able to accommodate us at short notice.”