Cyber Essentials is a UK scheme, backed by the NCSC (National Cyber Security Centre) that sets out to help organisations guard against the most common cyber threats and demonstrate their commitment to cyber security.
There is also a Cyber Essentials Plus scheme that is more rigorous and has all the benefits of Cyber Essentials, PLUS the further assurance that your organisation's cyber security is verified by independent experts (at significant additional cost, possibly up to several thousand pounds p.a.).
Being certified means that your organisation can
- reassure customers that you are working to secure your IT against cyber attack
- attract new business with the promise you have cyber security measures in place
- gain a clear picture of your organisation's cyber security level
- tender for some Government (and other) contracts that require Cyber Essentials certification
- reduce the number of cyber security 'assertions' you need to make when completing the NHS Data Security and Protection Toolkit (if you do)
At the basic level, certification is by completion of a questionnaire and its submission to one of the certifying bodies. There may also be external vulnerability scans if you maintain internet-facing applications and networks.
However, in order to be in a position to certify, your organisation must meet the standards laid down by the NCSC. Here, Exigia can help. We will work with you and your IT suppliers to reach the compliance standard and complete the questionnaire ready for your submission.
We have templates and an online tool to collect most of the data required, although we will typically need to discuss your application and may even need to visit your site/s.
Once certified, you will be entitled to display a badge on your website and elsewhere signifying that you are a safe organisation to do business with in cyber security terms. Certification must be renewed annually, but that should be a simpler task unless there have been major changes in your IT infrastructure or processes.
How can we help?
We can work with you to raise your standards where required and manage the completion of the CES questionnaire.
Finally, we would like to make it clear that we are not in the business of assessing your organisation's compliance and do not issue certificates, as that would be a conflict of interest. We have no connection with any certification body and instead will help you become compliant and then prepare the assessment responses. You can choose to be certified by any available certification body.
or call 0843 886 0505