Cyber Essentials assurance scheme
Helping to protect your organisation from cyber attacks
Cyber Essentials is a simple but effective government-backed certification scheme, managed by the NCSC (National Cyber Security Centre), designed to help businesses of all sizes protect themselves from the most common cyber threats.
A GOV.co.uk survey in March 2021 found that nearly 40% of UK businesses and charities reported a cyber-attack during the previous year. It’s not just big businesses being targeted; small businesses are at risk too.
A cyber attack can maliciously disable devices, steal data, or use a compromised device as a launch point for other attacks. But it can also do so much more than that. The long-term implications are huge. A security incident can have devastating consequences when taking into account lost revenue, lost customer and employee trust, regulatory fines and damage to an organisation’s reputation.
Cyber Essentials demonstrates a commitment to cyber security
Cyber Essentials helps you to guard your organisation against cyber attack and gives reassurance to your stakeholders that your organisation is serious about cyber security:
- Reassures staff, customers and partners that you are working to secure your organisation against cyber attacks
- Gives confidence that you are taking steps to protect sensitive data held within your organisation
- Provides your management team with a clear picture of your organisation’s cyber security level
- Helps you to attract new business with the promise you have the appropriate cyber security measures in place
- If you are planning to bid for central government contracts which involve handling sensitive and personal information, you will require Certification
Cyber Essentials focuses on the most common cyber threats
The scheme focuses on 5 different areas of cyber security which, when correctly deployed, will protect your organisation from the most common cyber security threats:
- Firewalls – ensuring that your boundary firewalls are configured to allow only authorised inbound and outbound traffic
- Secure configuration – ensuring that security controls have been agreed upon and implemented, which helps to reduce configurations left in default settings
- User access controls – making sure that user accounts are configured with only the level of access which is needed
- Patch management – ensuring that all software is kept up to date with the latest security updates
- Malware management – making sure you have proper malware protection in place on all devices
Cyber Essentials can be gained through self assessment
Certification offers a self-assessment option that gives you peace of mind that your defences will protect against the vast majority of common cyber attacks, and will deter unwanted attention from more sophisticated attacks. Cyber Essentials self assessment certification costs £300 + VAT and, if successful, certification is valid for 12 months.
Cyber Essentials certification is undertaken through self assessment via an online portal. Organisations assess themselves against the five basic security controls and then Infosec Partners, as a qualified assessor, verifies the information you have provided. If you are successful, you will be awarded a certification. If you started the certification process before 24 April 2023, the self assessment questions are available to view here. For organisations starting the certification process after 24 April 2023, the new question set is here. Please note these questions are for information only. If you want to be assessed, you cannot simply submit these question sets to us. You must apply online for an assessment and submit your answers through the portal.
IASME is the NCSC’s Cyber Essentials Partner, responsible for the delivery of the scheme. Infosec Partners are trained and licensed by IASME to certify against the Government’s Cyber Essentials Scheme. We are also available to offer consulting and support services to help you achieve Cyber Essentials Certification.
Take the stress out of self assessment certification
Some of the self-assessment questions can be difficult to understand if you do not have a technical IT background or have a complex company IT structure.
As a Cyber Essentials Certification Body, Infosec Partners offers consultancy support to help you through each step of the Cyber Essentials certification process:
- help you understand the assessment questions and how they relate to your organisation
- identify what steps you need to take in order to achieve certification
- work with you to identify and resolve any potential areas of weakness
If your organisation needs additional support in completing and submitting the assessment we can also:
- perform a pre-assessment check to highlight any areas that require attention before you submit your final assessment
- carry out self assessments on behalf of existing clients
Extend your Certification with Cyber Essentials PLUS
Cyber Essentials PLUS is the highest level of certification offered under the Cyber Essentials scheme.
This extended certification also covers the 5 core areas of cyber security; however, it involves a more rigorous hands-on verification of an organisation’s cyber security systems. A series of tests and vulnerability scans are undertaken by our trained cyber security assessors to confirm that all controls declared in the Cyber Essentials self-assessment are implemented on your organisation’s network.
All organisations must have Cyber Essentials Verified Self-Assessed certification dated within 3 months prior to applying for Cyber Essentials PLUS. Alternatively, you can complete the online Cyber Essentials self-assessment as part of the Cyber Essentials PLUS certification.