Contact Us

Cyber Essentials

Cyber Essentials is an industry supported certification scheme developed by the UK Government. The certification scheme provides criteria for organizations to measure their cyber-security systems. Achieving certification in Cyber Essentials therefore provides confidence and reassurance that the certified organization has covered the essential cyber security precautions.

Why was Cyber Essentials introduced?

The cyber space climate is such that instances of cyber security breaches are becoming increasingly frequent.  Many organizations are making the wise move of implementing controls such as ISO27001 - but such efforts only constitute a single aspect of an over-arching cyber security strategy.

Cyber Essentials has been developed to address the need for government and wider industry to ensure that their partners and suppliers are implementing a standard level of cyber security. Certification in Cyber Essentials not only instils confidence in the organization achieving certification – but allows the organization to provide evidence to its customers and stakeholders that their assets and data are resilient against cyber threats. 

Which controls does Cyber Essentials cover?

Cyber Essentials covers five key controls: 

  • Boundary firewalls and internet gateways – prevention of unauthorized access
  • Secure configuration – ensures secure system configuration
  • Access Control – ensures appropriate access to systems
  • Malware protection – installation and maintenance of virus and malware protection
  • Patch management – application of patches and ensuring the latest version of applications is used 

What levels of Cyber Essentials are available?

There are two levels of Cyber Essentials certification available, the standard Cyber Essentials certification and Cyber Essentials Plus.

Cyber Essentials certification will provide a basic level of confidence that an organization has implemented cyber security controls effectively.

Cyber Essentials Plus builds on the Cyber Essentials foundations. Certification at this level tests whether the organization’s implemented controls are sufficient to protect against internet based threats. Achieving Cyber Essentials Plus certification is more challenging than achieving the standard Cyber Essentials certification, and includes a pen test to provide a higher level of assurance that the organization’s cyber assets are secure. Certification is valid for 12 months. 
The standard Cyber Essentials certification must already be held in order to apply for Cyber Essentials Plus certification. 

What are the benefits of Cyber Essentials certification?

  • Provides cost-effective, basic cyber security for organizations of all sizes
  • Demonstrates that an organization meets one of the eligibility requirements when bidding for UK Government contracts
  • Can reduce the risk of prevalent cyber-attacks on an organization
  •  Differentiate yourself from your competitors by demonstrating that you take cyber security seriously