What is it about?
There are many threats to your IT systems and an increasing number of bad actors intent on exploiting weaknesses in your technology and practices. To counteract those threats, you not only need the latest hardware and software, you also need competent IT staff and suppliers to maintain the security of that equipment and the data it processes – both yours and that of your clients. Last, but not least, you need to ensure that your staff are cybersecurity aware as they are often seen as the weakest link and the target of exploits such as phishing attacks.
If your organisation needs to prove that it maintains acceptable standards of IT security, you may seek some form of certification. At a basic level the UK Cyber Essentials scheme, developed by the NCSC (National Cyber Security Centre), provides a baseline against which to assess your IT infrastructure and practices.
The scheme involves completing a comprehensive questionnaire covering your network, IT infrastructure and IT management practices, which is then assessed by experts. Adopting this scheme could help you improve your cybersecurity and at the same time assure your clients, potential customers, and possibly the public, that you are ‘safe to deal with’. We are finding that Cyber Essentials certification is an increasingly common requirement in tendering exercises, particularly in the public sector.
There is also a Cyber Essentials Plus scheme that is largely the same as the basic version, but in addition to the completion of a comprehensive questionnaire it involves the independent auditing of your network infrastructure. The audit incurs a significant additional cost, but if certification is achieved, there are exemptions to some elements of the NHS Data Security & Protection Toolkit assessment.
How hard can it be?
- Cyber Essentials is renewable annually
- There is a fee of between £300 and £500 + VAT depending on organisation size
- It involves completing a complex questionnaire
- There is a Plus version that involves additional external auditing
How can we help?
We can assist you with:
- Infrastructure reviews
- Reviews of your data handling practices
- Staff cybersecurity awareness and training
- Completion of a Cyber Essentials submission
- Incident management