Cyber Essentials
Cyber Essentials encompasses a set of basic controls that all organizations should implement to protect against common online security threats. It was designed by the NCSC (National Cyber Security Centre) to provide a structure for protection that is easy to follow and suitable for any business, regardless of size or sector.
​
Achieving Cyber Essentials certification demonstrates commitment to cyber security, which is recognised by the ICO (Information Commissioner's Office). It also provides a further degree of protection through free insurance (for businesses with less than £20 million turnover).
​
To get certified, organisations first need to buy a Cyber Essentials assessment, either from IASME (the lead organisation) or from a Certification Body. For a microbusiness the cost is £320 + VAT. They then need to satisfactorily complete an online questionnaire about the computing devices and software in their business, and the security measures associated with them. Certification Bodies offer plenty of support, to allow any business to achieve certification in a cost-effective way.
​
Regola are a Certification Body. We can manage the whole process of taking a business through the stages to certification, including assessment of your responses, and granting certification. Organisations are advised not to answer the questions until they understand what is being asked. However, those not passing first time get plenty of feedback and have 48 hours to make corrections.
Cyber Essentials Plus
Cyber Essentials Plus (CE+) is an additional certification scheme which builds on Cyber Essentials. It starts from the successfully completed Cyber Essentials Self-Assessment questionnaire, and does an audit of the organisation's IT systems. All organisations MUST have achieved Cyber Essentials certification dated up to 3 months before applying for Cyber Essentials Plus.
​
CE+ requires a more direct relationship with a certification body. It consists of an audit of your organisation's system using an approved vulnerability testing agent, used by a highly trained assessor. Regola use an authorised third-party organisation to assist with this process.
​
The goal of CE+ is to confirm that all controls and measures that have been declared in the Cyber Essentials questionnaire have actually been put into practice within the organisation's network. An organisation can then use CE+ certification to assure clients and partners that it has taken all appropriate measures to fully meet the security standards set out by the Cyber Essentials Scheme.
IASME Cyber Assurance (ICA)
Another qualification that builds on Cyber Essentials is IASME Cyber Assurance (ICA). This is not just about technical controls, but covers user controls and management controls in much more depth. The IASME Cyber Assurance standard was created through a government-funded project to offer an affordable alternative to ISO27001. It has been compared favourably against ISO27001, because it is also appropriate for smaller SMEs, even microbusinesses.
​
Like Cyber Essentials, ICA can be purchased through IASME or through a Certification Body. Regola offers ICA at both Level 1 and Level 2.
​
At level 1, ICA (like CE) is assessed by on-line questionnaire. It covers important steps like risk assessment, employee, and practical policies. It also includes strategies for resilience, such as data backup and handling incidents, while keeping up with legal requirements like GDPR.
​
At level 2, ICA adopts an audited approach, based on the same question set.
Cyber Baseline
Over a decade ago, Cyber Essentials was created to recognize good practices in the UK and Crown Dependencies. Now, IASME Cyber Baseline is here to help organizations everywhere tackle cyber threats and get certified.
It’s a budget-friendly way to show you’re serious about cybersecurity and keeping your data safe. For companies outside the UK, getting this certification can really cut down on the risk of cyberattacks and boost your reputation.
​
Key Features:
​
- An internationally recognized cybersecurity standard that builds trust with customers and partners.
- Designed to be affordable for small and medium-sized businesses.
- Offers a thorough assessment of your security controls.
- You’ll get expert advice during the certification process to help you put the right security measures in place.
Benefits of Certification
- Enhanced Security: By following IASME Cyber Baseline standards, you’ll adopt the best practices to minimize vulnerabilities.
- Customer Trust: The certification shows you care about protecting your data and your clients’ data.
- Competitive Advantage: Stand out from the crowd by showcasing your commitment to data security.
- Regulatory Compliance: Helps you meet data protection rules and other related standards.
The Certification Process
​
1. Self-Assessment: Fill out a self-assessment to check your current cybersecurity measures.
2. Gap Analysis: Spot any gaps in your security and get tips on how to fix them.
3. Implementation: Make the necessary adjustments to meet IASME standards.
4. Assessment: Get evaluated by an accredited certification body.
5. Certification: Achieve your IASME Cyber Baseline certificate, which is good for a year!
Get Started Today
Protect your business and gain a competitive edge over market rivals with a Cyber Security certification. Why wait?