Cyber Essentials is aneffective scheme, backed by the UK government designed to help organisations of all sizes follow a path to protect themselves against a range of the most common and current cyber security threat. It also demonstrates the commitment of an organisation to cyber security. There are 2 levels of certification: Cyber Essentials and Cyber Essentials Plus. It should be noted that many government contracts would require a supplier to have a Cyber Essentials certification.
The primary reason to attain Cyber Essentials certificated status is to demonstrate to your clients, prospects and partners that your organisation takes cyber security seriously, and that you have taken steps to secure your in-house IT while keeping the approach simple and the costs low. If your firm has the Cyber Essentials certification it will be protected against approximately 80% of common cyber attacks, allowing you to focus on your core business objectives. And if that objective is to source new clients, particularly larger clients that take third-party risks properly, this independent verification of your cyber security approach offers tangible proof that you will pose any threat during digital interactions. Furthermore, if you want to apply for government contracts Cyber Essentials certification is likely to be a mandatory requirement, and the Ministry of Defence now mandates that Cyber Essentials is a requirement, not just for all its new suppliers, but their relevant supply chains also.
For the lower certification organisations complete a self-assessment questionnaire which is then signed off by the appropriate signatory within the organisation. This is then verified by an independent party such as Labyrinth Technology, that is trained and licesned to certify against the governnemt’s scheme. Cyber Essentials Plus requires a technical audit of specific systems, and provides a more advanced level of assurances. There is also the requirement to also pass an on-site assessment, an internal vulnerability scan and an external vulnerability scan, all conducted by the certification body.
Yes. Labyrinth Technology are trained and licensed to deliver Cyber Essentials and Cyber Essentials Plus certifications, and only the organisations that are licensed to do so can conduct assessments.
It is possible to get from application to Cyber Essentials certification within a day or two, but this depends entirely on your current cyber security profile and ability to address the points raised during the process. In reality, most organisations take around 14 days from application to complete the assessment and receive certification. Because of the need to achieve a higher level of assurance, as well as the need to arrange the internal security assessment and external scan, this process of becoming Cyber Essentials certificated will usually take longer than 14 days.