If you need support preparing your business for Cyber Essentials or if you are ready to be independently assessed, we can help. Perspective Risk is an accredited certifying body for the Cyber Essentials scheme.
Does Cyber Essentials apply to your business?
Cyber Essentials (CE) and Cyber essentials Plus (CE+) applies to every business in the UK regardless of size. If you have Internet facing IT systems (user devices and/or servers), then this scheme will benefit you.
For businesses supplying to government, or intending to supply to government, Cyber Essentials certification became mandatory back in October 2014.
If you want to protect your reputation, avoid becoming the next statistic, and demonstrate that you take data security seriously, the Cyber Essentials scheme is for you.
What does certification against the Cyber Essentials Scheme involve?
The UK Government’s research of historical cyberattacks identified five security controls. If implemented, they will protect your organisation from common security threats.
The five areas of focus covered in the self-assessment and the independent assessment are:
- Boundary firewalls and Internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
These controls must apply to all IT kit in scope, namely your company’s touch-points to the Internet. Typically, this includes things like desktops, laptops, mobile devices (including BYOD) and systems such as web servers, email servers or other Internet facing application servers.
Compliance with the scheme involves a self-assessment process followed by an independent technical assessment. The scheme has two levels of certification:
Cyber Essentials includes the self-assessment questionnaire, an independent review of the questionnaire and a perimeter vulnerability scan by a certifying body. Created to be low cost. A low-cost approach to cyber security.
Cyber Essentials PLUS includes the above plus a robust independent assessment of systems by a certifying body. Designed to be a deeper assessment. This level of certification is mandatory for many contracts, particularly government and NHS tenders, as the independent assessment of your technical controls is more thorough.
By complying with the CE scheme, you will protect your business from key threats including:
- Phishing: malware infection through users clicking on malicious e-mail attachments or website links
- Hacking: exploitation of known vulnerabilities in Internet connected servers and devices, using widely available tools and techniques
What does Cyber Essentials cost?
At its most basic level, Cyber Essentials is free. You can self-assess without having to apply for certification. We’ve shared links to helpful resources – including the self-assessment questionnaire, at the foot of this page.
If you are considering certification but are restricted by budget, get in touch as we have a solution for you.
What can you gain from Perspective Risk’s Cyber Essentials Consultancy and Assessment services?
- Confidence that you have the appropriate controls in place for your company to defend itself against common cyberattacks
- Verification of the scope and guidance when completing the self-assessment questionnaire
- Preparation for the external technical assessments
- As a certifying body, we can conduct the technical assessments for your certification to the Cyber Essentials scheme
Why choose Perspective Risk to help you with the Cyber Essentials scheme?
- We are an accredited certifying body for the Cyber Essentials scheme
- Many years of experience in the standards the Cyber Essentials scheme is based on
- You receive a tailored assessment that applies to your business and which is relevant to the threats you face, not a generic assessment
- We provide comprehensive remedial advice for every issue or gap in your security regime we identify