Cyber Essentials Overview

What is It?

Cyber Essentials is a UK Government-backed scheme that aims to help protect your organisation against a range of the most common cyber threats around today. It is an accreditation programme that requires organisations to demonstrate a certain level of IT security.

It is really the absolute basics of what every organisation should be striving for to ensure their own (and others’) safety.

The standard Cyber Essentials certification is a self-assessment questionnaire that you submit to an external reviewing body to check and authorise. There is a small cost (£300) for this external body to provide the review and accreditation.

Why is Cyber Essentials worth getting?
    • Once you pass Cyber Essentials certification, it means your organisation has considered its internal security controls and is working in a safe and secure environment
    • It demonstrates to your customers and supply chain that you are a secure business to work with
    • If you deal with public sector contracts, Cyber Essentials certification is usually a mandatory requirement because they involve handling sensitive or personal information
    • Most Local Authorities ask for Cyber Essentials as a minimum requirement when bidding for a contract, and if you do not have it they may not consider you as a competitor

What’s Involved in gaining the Certificate?

The certification involves submitting an online questionnaire about your current IT environment and security setup.

Although most SMBs are able to complete some of the questions, a lot of the questions are technical and require advice and assistance from your IT support provider.

If you haven’t been through the certification before, it may be the case that your IT environment will need some changes to make you compliant. Some of these can be simple changes in policies or processes; others can be upgrades of hardware or software. For example, Cyber Essentials doesn’t allow the use of unsupported software or hardware, so if you use Office 2010 or have a 10-year-old router that is no longer supported by the manufacturer, these will fail your application.

This is where your IT support provider can be a huge help.

The general process to gain certification might be as follows:

    • Your IT support provider will carry out a ‘first pass’ of the questionnaire – similar to an audit – and let you know which areas of your IT will need addressing
    • Any upgrades or changes to your IT environment are carried out
    • Your application is submitted
    • The application is assessed by the reviewing body
    • Feedback is received from the body with any further changes needed to pass. The application must be resubmitted within 48 hours
    • If further changes are needed, these are carried out and your application is re-submitted within 48 hours

If you’d like any further information on how we can help, please fill in the form below (or give us a call on 0121 663 0203).

Or alternatively, book a slot with me, and we can discuss on a Teams call


With the correct measures in place to protect your business, gaining Cyber Essentials accreditation is straightforward, and the process will give you peace of mind. If you have all of our recommended 10 Essentials in place, you are in a good position for CE.

Or check out the IASME website for further details – you can also download the Cyber Essentials Self Assessment questionnaire to really see what is involved

Simon Tonks
simon@synium.co.uk

Owner and MD of Synium who loves his job, his life and the wondrous outdoors - especially when on a golf course, or a bike of any kind (but preferably on a mountain bike going downhill fast). Please get in touch if there is anything IT related I can help you with (or if you want to talk golf or bikes :-)