Cyber Essentials Scheme
The Cyber Essentials scheme provides businesses small and large with clarity on good basic cyber security practice. By focusing on basic cyber hygiene, your company will be better protected from the most common cyber threats.
Cyber Essentials is for all organisations, of all sizes, and in all sectors and you’re encouraged to adopt the requirements as appropriate to your business. The scheme is not limited to companies in the private sector, but is also applicable to universities, charities, and public sector organisations.
Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain IT products and services
The Cyber Essentials scheme has been developed as part of the UK’s National Cyber Security Programme and in close consultation with industry.
Cyber Essentials certification provides a basic level of confidence. It relies on the organisation having the skills necessary to answer a set of in-depth questions that are then verified by a Certification Body
Cyber Essentials Plus
Cyber Essentials Plus certification is only awarded when the controls implemented under the Cyber Essentials scheme are subjected to vulnerability testing through the use of an independent testing regime (PEN Testing), therefor offering a higher level of assurance.
Whether your organisation seeks to attain either of these or simply to self-assess and apply the controls will depend on your business drivers and the level of rigour you need or want to demonstrate.
Cyber Essentials is FREE to download and any organisation can use the guidance to implement essential security controls, but some may want or need to gain independent assurance that they have fully deployed the controls. Organisations that have been successfully independently assessed or tested through the scheme’s assurance framework will attain a Cyber Essentials certification badge.