Cyber Essentials
An Overview About The Certification
Empowering Security
What is the Cyber Essentials scheme?
The Cyber Essentials scheme is a UK government-backed framework supported by the NCSC (National Cyber Security Centre). It sets out five basic security controls that can protect organisations against 80% of common cyber attacks.
The scheme is designed to help organisations of any size demonstrate their commitment to cyber security – while keeping the approach simple and the costs low.
The certification process is managed by the IASME Consortium (IASME), which licenses certification bodies to carry out Cyber Essentials and Cyber Essentials Plus certifications.
What is the Cyber Essentials self-assessment questionnaire?
To achieve Cyber Essentials certification, you must complete a Cyber Essentials SAQ (self-assessment questionnaire).
The SAQ questions relate to each of the five Cyber Essentials security controls:
- Secure configuration
- Firewalls
- User access controls
- Security update management
- Malware protection
From 24 January 2022, the SAQ has been expanded to include home working, the use of BYOD (bring your own device) and Cloud services.
Applicants must confirm they’ve read the updated Requirements for IT infrastructure document as part of their application.
What are the benefits of Cyber Essentials?
Win new business
Boost your reputation and attract new business by assuring customers you take cyber security seriously and have cyber security measures in place.
Demonstrate supply chain security
Achieving Cyber Essentials certification will help you demonstrate your commitment to data protection and cyber security.
Work with the UK government and MOD
Cyber Essentials will permit you to work with the UK government and Cyber Essentials Plus will allow you to work with the MOD.
Be listed on the National Cyber Security Centre’s database
Cyber Essentials certificates issued in the previous 12 months will be displayed on the IASME website, showing suppliers your commitment to protecting your and your customers’ data. The NCSC (National Cyber Security Centre) has reviewed what influence Cyber Essentials has on cyber security attitudes and behaviours. It found:
- 93% of certified organisations are confident that they are protected against common, Internet-based cyber attacks;
- 61% of certified organisations say they are more likely to choose suppliers with Cyber Essentials or Cyber Essentials Plus certification; and
- Certified organisations are more likely to implement cyber security controls beyond the scheme’s five controls, and are more aware of the risks posed by cyber attacks.