What is Cyber Essentials?
The government backed Cyber Essentials scheme is designed to be a light touch to help businesses protect themselves against 80% of the most common cyber attacks
Who is Cyber Essentials for?
Cyber Essentials is relevant for businesses of all sizes and comprises of five key controls that when implemented provide a base line for cyber security.
It is mandated for some Government contracts and MOD supply chain
How do I achieve it?
You will need to complete a self assessment questionnaire. (sample cyber essentials questionnaire).
You will need to contact a certification body to ask them to provide you with a questionnaire to complete. Details of certification bodies will be found by looking at accreditation bodies .
The questionnaire starts by requiring you to identify the scope that you would like the certification to include.
Once completed the questionnaire is signed by a board level as approved and submitted to your certification body for verification that you have achieved the requirements of the scheme. Once approved you will receive your certification and will be able to use the Cyber Essentials Badge. This will demonstrate that you have achieved the standard.
How much does it cost?
Certification can be from as little as £300. The controls in the questionnaire will provide a minimum standard even if you do not require the certificate.
Next steps – Cyber Essentials Plus
Cyber Essentials Plus follows the same initials steps, but will then involves onsite verification of the controls and an external and internal vulnerability scan to ensure that these have been implemented to the required standard.
The site visit and scans will be carried out by the certification body. The cost for this varies from certification body to certification body, and will depend on the scope and number of sites required to be tested. A starting guide would be approximately £1200 for a single site with less than 10 users, plus travel expenses.
Roz Woodward is Chair of the South West Cyber Security Cluster and a co-founder of cyber security compliance company Securious.