The Cyber Essentials scheme was launched in 2014 to promote cyber safety measures to ensure the safe handling, processing and storage of data for all businesses within the public supply chain. Substantial growth within the public sector has meant that the scheme is now a mandatory requirement in Scotland, as part of the Public Sector Cyber Resilience Plan, which requires all public bodies to put cybersecurity measures in place across their organisations.
Accreditation is suitable for all companies in any sector who handle client information and have a desire to increase their IT infrastructure security throughout their business.
Companies who look to implement the Standard work in sectors including legal, marketing, IT, manufacturing, E-commerce and medical.
Companies who implement the Cyber Essentials scheme show their ongoing commitment to fighting cyber-crime and give their clients confidence in their practices when handling and storing data. The Standard is also a valuable tool for contract tender applications.
In addition to this, Cyber Essentials is now listed as one of the key elements involved with Lexcel V6.1 for legal practices throughout the UK.
Cyber Essentials requires sound basic information security hygiene measures, which when implemented properly can significantly reduce the risk of vulnerability to cyber threats.
Applicable to organisations of any size or type the scheme has five critical controls.
Centre for Assessment offers three levels of assessment and certification for the Cyber Essentials scheme. Each assessment type offers different benefits and is applicable to a wide range of companies and industries.
Take a look at the table below to see which level of support suits your needs.
Cyber Essentials Basic is a self-assessment driven scheme, whereby applicants review their IT infrastructure via an application document. Once completed, this is then returned to Centre for Assessment for review. This scheme is recommended for smaller businesses looking for entry-level cyber protection compliance.
Cost: £300.00 + VAT
Cyber Essentials Plus offers a much more comprehensive assessment, whereby applicants complete and return a more in-depth application document, which assesses IT infrastructure in greater detail. This assessment type also involves penetration testing, mobile device testing and on-site assessment by an ACE registered assessor, who will access the required network and test for any weaknesses or vulnerabilities that may not have been previously found. A full, comprehensive report is then given to the client to highlight findings during the assessment, and any improvements that need to be made to ensure quality Cyber Security. This is then reviewed by the assessor and certification can then be awarded pending results.
Cost: £2,500.00 + VAT
The new EXTRA scheme covers all the important details of both the Basic and Plus levels of assessment, however, this also includes a full pre-assessment evaluation of client systems, which is then fully reported on. We then work with clients to help improve and manage systems from the findings of the pre-assessment and help to ensure that any issues are rectified. Once satisfied, you would then be assessed under the scheme rules, following the same process as Cyber Essentials PLUS. If for any reason the standard is not met, this level of assessment will also cover a FREE re-assessment to ensure that clients are given ampler opportunities to ensure that their systems meet the scheme rules. This is recommended for companies that are looking to ensure that they meet the standard with as much support and information as available.
Cost: £3,250.00 + VAT