
Cyber Essentials

Cyber Essentials is a set of basic technical controls organisations should have in place to protect themselves against common online security threats.

Cyber Essentials is suitable for all organisations, of any size, in any sector.

As well as helping to guard your organisation against cyber attack, Cyber Essentials demonstrates your commitment to cyber security to your customers and suppliers.

What is the process?

You fill in a questionnaire, which asks questions about your business, what devices you use and what security measures you have in place. These answers are then assessed by a certification body such as ourselves, and if they are satisfactory you are awarded the certification. If not, the questionnaire is returned to you with some corrections to be actioned. Regola will be there to guide you every step of the way.

Cyber Assurance

Cyber Assurance is a comprehensive, flexible and affordable cyber security standard that provides assurance that an organisation has put in place a range of important cyber security, privacy and data protection measures. It aligns directly with the UK Government’s 10 steps to Cyber Security with additional Data Privacy controls and offers smaller companies within a supply chain a ‘right sized’ approach to show their level of information security for a realistic cost.

Important cyber security measures are included, such as assessing and managing risk, training people and setting practical policies and procedures. Key resilience strategies are covered and include backing up data, business continuity planning and incident response. Legal and regulatory requirements are also addressed, such as your country’s implementation of GDPR (in the UK this is the Data Protection Act). The IASME Cyber Assurance standard was developed over several years during a government funded project to create a cyber security standard which would be an affordable and achievable alternative to the international standard, ISO 27001. You must have Cyber Essentials first in order to achieve Cyber Assurance.

Cyber Essentials Plus

Cyber Essentials Plus is an expansion of the Cyber Essentials Self-Assessment questionnaire which includes an audit of the organisation's IT systems. This is then submitted to and marked by a certification body. All organisations MUST have Cyber Essentials Verified Self-Assessed certification dated within 3 months prior to applying for Cyber Essentials Plus.

Cyber Essentials Plus consists of an audit of your organisation's system by a highly trained assessor. The goal of the assessment is to confirm that all controls and measures that have been declared in the Cyber Essentials questionnaire have actually been put into practice within the organisation's network. By undertaking and completing Cyber Essentials Plus, you can declare that your organisation has taken the appropriate measures to meet baseline security standards set out by the Cyber Essentials Scheme.

The key elements of a Cyber Essentials Plus assessment are:

  • A vulnerability scan will be performed on selected machines to confirm patching and basic configuration is at an acceptable level.

  • An external port scan of your internet facing IP addresses will be conducted to ensure no clear and obvious misconfigurations or vulnerabilities can be identified.

  • A test will be conducted on your default email/internet browser to confirm how well configured they are to prevent execution of malicious files.

  • Screenshots will be taken as evidence that the system is Cyber Essentials compliant.

Should there be any issues identified that require remediation, there is an extended period of 30 days with this package. Failure to complete remediation in this time will result in a fail.

Upon achieving a successful certification, your organisation will be provided with a certificate that is valid for 12 months from pass date. You can also choose to be added to a list of Cyber Essentials certified companies; this is optional, but it can advertise your organisation's compliance with the Cyber Essentials Scheme.
