05 Jun Cyber Essentials
At KCS Compliance we help organisations obtain and retain accreditations. The following sets out what Cyber Essentials is and who may benefit from holding this accreditation.
Cyber Essentials is an official, UK-wide, government-backed certification that helps organisations guard against the most common cyber threats; according to the government's own estimate, its controls can prevent around 80% of common cyber attacks. It also allows you to demonstrate your commitment to cyber security to prospective customers.
Being certified against Cyber Essentials demonstrates to your clients and industry partners that your organisation holds itself to a recognised standard of cyber security, and that it maintains the baseline controls set out under the UK's National Cyber Security Programme.
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
The complete Cyber Essentials scheme is made up of two progressive stages – Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials is the first stage and is a foundation level certification that provides a clear statement of the basic controls your organisation should have in place to mitigate the risk from common cyber threats.
Cyber Essentials Plus is the second stage and is a more rigorous test of your organisation's cyber security. Rather than relying on your own answers, our cyber security experts carry out on-site vulnerability tests to verify that your organisation is protected against basic hacking and phishing attacks.
The level of testing required for Cyber Essentials Plus is more stringent than the self-assessment carried out for Cyber Essentials. A Cyber Essentials Plus assessment involves two key additional elements:
- On-Site Assessment – The on-site assessment is a requirement for all companies wishing to achieve Cyber Essentials Plus. The team will visit your office(s) and thoroughly check whether the solutions you have put in place actually comply with the control requirements, rather than taking the self-assessment answers at face value.
- Internal Vulnerability Scan – An internal vulnerability scan is a requirement for all companies wishing to achieve Cyber Essentials Plus. It involves a scan of the internal networks within the scope of your assessment, with a focus on workstations and mobile devices. It aims to find out whether the Cyber Essentials controls have been properly implemented and to check that known vulnerabilities (for example, missing security patches) have been addressed.
In short, the difference between the two is that Cyber Essentials Plus adds independent, on-site verification of the controls you have declared. All organisations seeking certification must complete the first stage (Cyber Essentials); some organisations, depending on their structure and the severity of the risks they face, will also need to complete Cyber Essentials Plus.
Cyber Essentials Plus is commonly seen as a demonstration of an organisation's IT maturity. We would recommend Cyber Essentials Plus if your organisation has over 250 members of staff, each with one or more connected devices. Completing the certification allows you to display the official Cyber Essentials Plus badge.
If you’d like to know more about Cyber Essentials or any other accreditation, get in touch today and we can support you through the whole process to securing an accreditation relevant to your business.