Cyber Essentials FAQs
Learn Everything you Need to Know about Cyber Essentials Certification with our Cyber Essentials FAQs
Cyber Essentials certification is designed to help businesses protect against the most common cyber threats. Understanding the process and how long it takes to achieve Cyber Essentials can help companies get up and running faster, protecting their data and networks from potential attackers.
Cyber Essentials is a government-backed certification developed by the National Cyber Security Centre (NCSC). It’s designed to give companies a basic level of protection against the most common cyber threats. The certification is focused on five key areas: patch management, firewalls, secure configuration, user access control and malicious software prevention. Getting Cyber Essentials certified can help companies protect their systems from attacks and breaches.
Basic Cyber Essentials certification is undertaken through self-assessment via an online portal. Organisations assess themselves against the five basic security controls, and a qualified assessor, such as ourselves, then verifies the information you have provided; if you are successful, you will be awarded a certification. Cyber Essentials Plus provides a higher level of assurance: for this level, an assessor carries out a technical audit of your systems to verify that the Cyber Essentials controls are in place.
The amount of time it takes to get Cyber Essentials certified depends on the complexity of the system and the number of controls that need to be in place, plus the level of effort and resource you can apply to preparing and submitting the assessment. If your self-assessment passes, you will receive certification within 24 hours. If further work is required, certification will take longer. Generally, however, the process should take between seven and fourteen days to complete. The certification is valid for one year, so you’ll need to renew your certificate annually to maintain its validity.
The cost of the basic Cyber Essentials Certification can vary depending on the size and type of your business. Generally, however, it’s a one-time fee with no additional costs. For small organisations, the Cyber Essentials self-assessment certification typically costs £300 + VAT; for larger organisations, £500 + VAT. The cost of Cyber Essentials Plus Certification likewise depends on the size and complexity of your network, so you will need to request a quote for this.
In order to be certified, companies need to meet five different security controls. These are delivering secure configuration of each device tested, protecting against malicious software, managing patches and application updates, implementing strict user access control policies, and restricting external access to services. Companies must also demonstrate that they have the necessary procedures in place to respond to any potential cyber-attacks they might face.
Preparing for certification is the key to achieving it. Companies should start by taking a look at the Cyber Essentials self-assessment questions, which are available here. In addition, the IASME Consortium, the National Cyber Security Centre’s sole Cyber Essentials partner responsible for delivering the scheme, has prepared a handy readiness tool designed to help you think about cyber security within your organisation.
> Cyber Essentials Readiness Tool
> View the Self Assessment Questions
Infosec Partners are trained and licensed by IASME to certify against the Government’s Cyber Essentials Scheme. We also offer consulting services to help you achieve Cyber Essentials Certification. Please get in touch if you need further support.
In addition, we are a formal certification body and assessor organisation not only for Cyber Essentials but also for the Maritime Cyber Baseline scheme and the IASME Cyber Assurance scheme, so get in touch for a chat if you would like more information.