Cyber Essentials Certification – Your Hands-On Guide

Cyber Essentials Certification , delivered on behalf of the National Cyber Security Centre’s by its Accreditation Body IASME .  This is a must have for every business or third sector organisation.  Cyber security in general, and data security in particular, have never been more important.  Large or small, you should take them very seriously and get certified.

Here is a checklist of your options with regard to the government-endorsed Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance certifications.

The Cyber Essentials scheme is a verified self-assessment scheme that analyses an organisation’s level of security in five key areas.  The key control are:

• Secure Configuration,
• Boundary Firewalls and Internet Gateway
• Access control and Administrative Privilege Management
• Patch management
• Malware protection.

The initial assessment is carried out by means of a self-assessment questionnaire.  This is reviewed by an external IASME accredited Cyber Essentials Certification body.  The scheme is now seen as a basic, “must-have” benchmark for any company which is handling any sort of sensitive data (and these days, that definition is very broad).  Most companies are likely to find it in their best interests to get this certification as quickly as possible and that means, ideally, getting it first time.

The current Cyber Essentials self-assessment questions can be downloaded for free.

We can help with this by providing consultancy time to help you to understand and answer the questions and get the documentation and processes together in order to pass.  We are an IASME certification body for Cyber Essentials self-assessment and Cyber Essentials Plus audits.  We are also IASME Cyber Assurance Self Assessment and Cyber Assurance Audited IASME Certification Body

As its name suggests, the Cyber Essentials Plus (CE+) covers the same ground as the Cyber Essentials Certification.  However, it adds an extra degree of external verification.  This is completed by having an external party simulate basic hacking and phishing attacks (Penetration Testing), to confirm that the organisation’s systems are able to respond appropriately.   This testing aims to confirm the answers to three questions:

1. How easy is it for malicious files to enter into the corporate network? While accepting that it’s effectively impossible to guarantee that any system will keep out 100% of malicious files 100% of the time, a robust IT security policy should keep out most files, most of the time.
2. If malicious files do enter the system, how likely is it that they will be detected and stopped?
3. If malicious files do enter the system, how much damage are they likely to be able to cause?

We are CE+ accredited so we can carry out this onsite work and also help with understanding the requirements and reaching the standard.

IASME Cyber Assurance includes CE+ and also covers data governance and the protection of data to meet the GDPR standard.  There are two certification levels, verified self-assessment or onsite audited. We are certified as both a self-assessment approval body and as an onsite auditor. Prior to the certification, we can provide consultancy time to help you and your staff to understand and answer the questions and get the documentation and processes together to pass.

GDPR stands for General Data Protection Regulations and is an EU directive. This came into force on 25th May 2018.  It is a significant update to existing data protection regulations.  It is both wider in scope, more demanding and more rigorous in the penalties which can be applied if it is breached.

Companies are strongly advised to make sure that they are fully prepared for its implementation.  Certification, such as Cyber Essentials and IASME Cyber Assurance can help.  Providing Managed IT Services in London to businesses and charities, WeSeeNow always recommend that time and money is invested in getting the right cyber security in place.  Cyber Essentials certification and IASME Cyber Assurance provide the perfect starting level for organisations of any size.