What is Cyber Essentials?
Cyber Essentials is a UK Government-backed scheme suitable for organisations of all sizes. It includes a formal certification showing adherence to a basic set of information security controls.
It is designed to be a baseline for cyber security and to help give confidence that the organisation being assessed is effectively addressing the cyber security risks that could lead to the loss of confidential data or other business disruption.
Cyber Essentials is achieved after a self-assessment questionnaire is completed and sent for review, along with supporting evidence, to a Certification Body under the signature of a senior director, stating that all the criteria have been met. The Certification Body will assess the questionnaire to verify that the controls have been met.
Cyber Essentials Plus requires your company to pass an on-site and external vulnerability assessment performed by the Certification Body. Cyber Essentials Plus will give an extra level of assurance that the requirements have been independently verified by the Certification Body.
Ready to get started with Cyber Essentials or have questions? Let us know now…
How much does Cyber Essentials cost?
We have two basic levels of pricing – £295 and £495 – depending on how much input is required.
The £295 level is for companies who are ready to go and are confident they reach the standards required without the need for telephone support. Typically these will already have an ISO 27001 in place, and may be using a QG ACE practitioner to assist them.
The £495 level is for companies who need our assistance to guide them through the questionnaire and explain the intent of the questions. It offers up to two hours of telephone support and we also offer an external vulnerability scan within this fee to provide them with greater reassurance.
If in doubt about which level would apply, please call or email to discuss further.
What is the process for Cyber Essentials?
- Firstly, you will need to answer a self-assessment questionnaire which we will send to you.
- We will also provide a detailed guidance document to assist you with the completion of the questionnaire.
- Your responses will be reviewed to ensure that you meet the requirements and we will come back to you if we believe further clarification is required.
- Once the questionnaire, signed as approved by board level (or equivalent), has been successfully verified by us, your Cyber Essentials certificate & badge will be issued.
See an example of the Cyber Essentials questionnaire: ceq_sample-for-website
What next once I have Cyber Essentials?
- Cyber Essentials Plus will provide a more thorough assessment and will require a certification body, such as Securious, to independently check you have adequately implemented the controls.
- Cyber Essentials Plus requires that your compliance with the standard is independently validated on site by a certifying body such as Securious, to ensure that you comply with the standard.
- Then, an external vulnerability scan will be conducted which will also feed into the assessment. Once the questionnaire has been signed and reviewed, and the scan conducted successfully, Securious will complete a report and submit it to our Accreditation body. Once complete, your Cyber Essentials Plus certificate & badge will be issued. (By the way, Cyber Essentials is not a prerequisite for Cyber Essentials Plus.)
What does Cyber Essentials test then?
- Boundary firewalls and Internet gateways: Your network should have a properly configured firewall.
- Secure configuration: Default configurations are often vulnerable, and devices should only offer the services necessary to fulfil their intended role.
- User access control: Only authorised users and administrators should be allowed access. Access should be provided at the minimum level required for all systems.
- Malware protection: Protection is required against computer viruses, spyware and other unauthorised or malicious software.
- Patch management: Software and systems should have the latest security patches installed.
How can Securious help?
Securious is a Certification Body based in Exeter, Devon and is ideally placed to help you achieve Cyber Essentials or Cyber Essentials Plus certification.
For Certification body status, Securious completed a rigorous assessment by QG Management Standards to ensure that we meet the scheme’s strict requirements to allow us to assess companies to the required standards.
With the ever-increasing emphasis on Cyber Security for businesses and alignment to the UK Government Cyber Security Strategy, this is an ideal time to engage with a professional local South West business to help you demonstrate to customers, investors, insurers and others that you have taken essential precautions to reduce your organisation’s vulnerability.
Optional external scan
Securious can also offer an external scan to test for vulnerabilities in your network perimeter.
If purchased at the same time as Cyber Essentials, this costs just £100 (+VAT).