Cyber Essentials Certification
The presence of cyber crime in the modern world is fast evolving and is a threat which is at the top of every organisation’s technology risks. In conjunction with CESG, the information security arm of GCHQ, the UK Government has developed the Cyber Essentials Scheme for organisations of all sizes looking to confirm they have correctly implemented cyber security controls. Through the Scheme, your organisation can verify its cyber security protection measures across 10 key areas.
In essence, these 10 areas cover the following 5 mitigation strategies against cyber risks:
- Boundary Firewalls and Internet Gateways
- Access Control
- Secure Configuration
- Malware Protection
- Patch Management
The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.
Why Certify to Cyber Essentials?
Gaining the Cyber Essentials Certificate can provide your organisation, and your stakeholders, with the confidence that your cyber security controls have been correctly implemented and that you have successfully taken the first steps in securing your assets against cyber threats. Cyber Essentials is a proven, cost-effective option for organisations of any size to establish basic cyber security and to demonstrate that the cyber security issue is taken seriously.
If you want to secure specific Government contracts relating to the handling of sensitive data and the delivery of a range of IT products or services, Cyber Essentials certification is mandatory requirement. It is also a pre-requisite for organisations who wish to elevate their certification to Cyber Essentials Plus.
URM as a Cyber Essentials Certification Body
URM has been accredited as a Cyber Essentials certification body by APMG, one of the UK Government approved accreditation bodies. Cyber Essentials certification is awarded upon completing a verified self-assessment. Ostensibly, you can attain the basic Cyber Essentials certification by completing a questionnaire which is aimed at assessing your organisation’s cyber security control implementation and whether your controls satisfy the UK Government’s ‘Requirements for basic technical protection from cyber-attacks’. URM, in its role as an accredited certification body then verifies the completed questionnaire to confirm that a suitable standard of control effectiveness has been achieved. Once this verification has been completed, the Cyber Essentials certification is then awarded by APMG.
It has recently been announced by the National Cyber Security Centre (NCSC) that as from April 2020, that it will be partnering with just one accreditation body, i.e. IASME.
More information can be found here: https://www.cyberessentials.ncsc.gov.uk/blog-post/iasme-consortium-new-cyber-essentials-partner.
URM is very much looking forward to working with IASME as we look to seamlessly transfer over certifications. We will also be in a position to offer Cyber Essentials Plus when we transition.
For further information on the certification process, or to request information regarding registration for certification, please contact firstname.lastname@example.org