CYBER ESSENTIALS
ASSURANCE SCHEME
Cyber Essentials is a simple but effective government-backed certification scheme, managed by the NCSC (National Cyber Security Centre).
Designed to help businesses of all sizes protect themselves from the most common cyber threats, a 2023 GOV.co.uk survey reported that 32% of businesses overall recall any breaches of attacks from the last 12 months.
A cyber attack can maliciously disable devices, steal data, or use a compromised device as a launch point for other attacks. But it can also do so much more than that. The long term implications are huge. A security incident can have devastating consequences when taking into account lost revenue, lost customer and employee trust, regulatory fines and damage to an organisation’s reputation.
SECURING YOUR ORGANISATION
The scheme focuses on 5 different areas of cyber security, which when correctly deployed, will protect your organisation from the most common cyber security threats:
1. Firewalls – Helps ensure that your boundary firewalls are configured to allow only authorised inbound and outbound traffic.
2. Secure configuration – Certifies that security controls have been agreed upon and implemented will help to reduce configurations in default settings.
3. User access controls – Ensures that user accounts are configured with only the level of access which is needed.
4. Patch Management – Makes sure that all software is kept up to date with the latest security updates.
5. Malware management – Guarantees you have proper malware protection in place on all devices.
Business Benefits
- Reassures staff, customers and partners that you are working to secure your organisation against cyber attacks
- Gives confidence that you are taking steps to protect sensitive data held within your organisation
- Indicates a clear picture of the level your organisation is currently achieving in their Security posture
- Helps attract new business with the promise you have the appropriate cyber security measures in place
- Confirms the green light for planning bids in central government contracts due to requiring this Certification
Self Assessment
Certification offers a self-assessment option that gives you peace of mind that your defences will protect against the vast majority of common cyber attacks, and will deter unwanted attention from more sophisticated attacks. Cyber Essentials self-assessment certification costs £300+ vat, and if successful certification is valid for 12 months.
Cyber Essentials certification is undertaken through self-assessment via an on-line portal. Organisations assess themselves against the five basic security controls and then Acora, as a qualified assessor, verifies the information you have provided and if you are successful you will be awarded a certification. The Cyber Essentials new self assessment question set is here. Please note these questions are for information only. If you want to be assessed you cannot simply submit the question sets to us. You must apply online for an assessment and submit your answers through the portal.
IASME is the NCSC’s Cyber Essentials Partner, responsible for the delivery of the scheme. Acora are trained and licensed by IASME to certify against the Government’s Cyber Essentials Scheme. We are also available to offer consulting and support services to help you achieve certification.
Scheme Benefits
- It shows your commitment to security; demonstrating to your business partners, regulators and suppliers that you take cyber security seriously.
- It is a mandatory requirement for government suppliers and for all public service contracts.
- It enables you to safeguard commercially sensitive data.
- It protects your company’s profits and reputation by avoiding the financial implications any negative publicity associated with a cyberattack.
- It gives you a competitive advantage, particularly in comparison to rivals without accreditation.
Supporting you through each step
Some of the self-assessment questions can be difficult to understand if you do not have a technical IT background or have a complex company IT structure.
As a Cyber Essentials Certification Body, Acora offer a consultancy support service to help you through each step of the Cyber Essentials certification process.
If your organisation needs additional support in completing and submitting the assessment we can also provide Pre-assessment and Management support on your behalf.
Support Service
- Help you understand the assessment questions and how they relate to your organisation
- Identify what steps you need to take in order to achieve certification
- Work with you to identify and resolve any potential areas of weakness
- Pre-assessment checks to highlight any areas that require attention before submission
EXTEND YOUR CERTIFICATION
Cyber Essentials PLUS is the highest level of certification offered under the certification scheme.
This extended certification also covers the 5 core areas of cyber security, however it involves a more rigorous hands-on verification of an organisation’s cyber security systems. A series of tests and vulnerability scans are undertaken by our trained cyber security assessors, to confirm that all controls declared in self-assessment are implemented on your organisation’s network.
All organisations must have Cyber Essentials Verified Self-Assessed Certification dated within 3 months prior to applying for Cyber Essentials PLUS, alternatively, you can complete the online self-assessment as part of the overall certification.