What is it about?
There are many threats to your IT systems and an increasing number of bad actors intent on exploiting weaknesses in your technology and practices. To counteract those threats, you not only need the latest hardware and software, you also need competent IT staff and suppliers to maintain the security of that equipment and the data it processes. Last, but not least, you need to ensure that your staff are cybersecurity aware as they are often seen as the weakest link and the target of exploits such as phishing attacks.
Your organisation may need certification to prove that it maintains acceptable standards of IT infrastructure and security practices. The UK Cyber Essentials scheme, developed by the NCSC (National Cyber Security Centre), provides a baseline assessment in those areas.
Certification is based on expert assessment of a comprehensive questionnaire covering your network, IT infrastructure and IT management practices. Adopting the scheme could help you improve your cybersecurity whilst providing assurance for your clients, potential customers, and possibly the public. We are finding that Cyber Essentials certification is an increasingly common requirement in tendering exercises, particularly in the public sector.
There is also a Cyber Essentials Plus scheme, based on the Essentials version but with an additional independent audit of your network infrastructure. The latter incurs a significant extra cost, but there are benefits when this higher-level certification is achieved, such as exemptions from some elements of the NHS Data Security & Protection Toolkit assessment.