Cyber Essentials Certification

The Cyber Essentials scheme is a simple yet effective, Government-backed framework that will help protect your organisation against a range of the most common Internet-based cyber attacks. It provides a cyber security certification scheme that was developed as a part of the UK Government’s National Cyber Security Strategy. The Cyber Essentials scheme specifies the 5 basic control areas that all organisations should address in order to mitigate the risk from common cyber threats and demonstrate a clear commitment to improving their approach to cyber security. The controls are based on research which demonstrated that the majority of breaches occur as a result of a weakness in one or more of 5 key areas. These 5 areas, described below, form the basis of the Cyber Essentials controls.

The 5 Technical Control Areas

Access control

Ensuring accounts, particularly administrator and privileged accounts, are monitored regularly and provide access only to the level appropriate to that individual

Secure configuration

Choosing and applying the most secure settings for your devices and software by changing passwords and removing unused accounts and software

Software updates

Ensuring software and operating systems are regularly checked and updated with the latest patches to protect against vulnerabilities

Malware protection

Protecting against a broad range of cyber security threats, including computer viruses, worms, spyware, botnet software and ransomware, by using effectively configured anti-malware software and only allowing trusted applications

Firewalls and routers

Creating a ‘buffer zone’ between your IT network or assessed secure area and other networks, so that incoming traffic can be analysed to establish whether or not it should be allowed onto your network

From 01 April 2020, the IASME Consortium (IASME) officially became the sole Cyber Essentials Partner of the National Cyber Security Centre (NCSC), a part of GCHQ, and URM is delighted to have been assessed and confirmed as a certification body (CB). The scheme offers two levels of certification.

Your certification options:

Cyber Essentials

An independently verified self-assessment: an online self-assessment questionnaire is completed by the organisation and then assessed by URM.

Cyber Essentials Plus

Cyber Essentials Plus does not involve any additional controls, but is a more robust examination to ensure that your IT infrastructure is secure and the cyber solutions you have in place comply with the requirements of the cyber assessment.

In addition to the verification of the self-assessment questionnaire, Cyber Essentials Plus involves a technical audit of the systems that are in scope of the assessment. It includes a review of a sample set of user devices, all Internet gateways and all servers accessible to Internet users. The assessor will select a random sample of systems, typically around 10%. It also involves conducting an internal vulnerability test on your IT infrastructure, focusing on the security of workstations and mobile devices (including BYOD). Cyber Essentials Plus provides a greater level of assurance than the self-assessed level.

Although implementing Cyber Essentials is relatively straightforward, some organisations may need help in understanding what the controls mean for them and how to address them. If this is the case for your organisation, URM can support you through the process and help you achieve certification. URM has a large team of qualified assessors and is able to provide you with independent support and verification by different assessors.

Benefits of Certification:

  • Reassure and demonstrate to customers that you take cyber security seriously
  • Be listed in the National Cyber Security directory
  • Attract new business with the assurance that you have cyber security measures in place
  • Meet prerequisite requirements for participation in government contracts

Why URM?

URM has been providing certification to the Cyber Essentials scheme for a number of years and has a large team of experienced, pragmatic assessors who are here to support you and guide you through the process. Not only do we bring a wealth of cyber security knowledge, but also a wide and varied experience of all the leading cyber and information security standards. As such, you can be assured that you are getting advice that is right for you and your organisation, taking into account your sector, size and the information you are looking to protect. In addition, our large team of assessors enables us to guarantee a super-fast turnaround.