Cyber Essentials Plus Certification
Cyber Essentials Plus helps you to guard your organisation against cyber attack.
The scheme assesses five technical controls:
- Boundary firewalls and internet gateways
That you have a secure internet connection. - Secure configuration
That you have the most secure settings turned on on all your company devices. - User access control
That you have full control over who is accessing your data and services. - Malware protection
That you have protection in place against viruses and malware. - Patch management
That your devices and software are updated with the latest versions.
The Cyber Essentials certification process is the first step to cyber security in the UK. It outlines the security controls organisations must have to protect their data.
Once you understand these basic controls and have them in place, you must fill out a questionnaire confirming your devices meet these criteria.
The primary advantage of Cyber Essentials Plus is that it offers absolute assurance that correct controls are in place through use of an impartial third party.
Why should you get Cyber Essentials?
Cyber security is an investment in the safety and future of your business.
The Cyber Essentials Scheme (and the Plus certification in particular) is an excellent way to show your customers that you take their security seriously.
The main advantage of Cyber Essentials Plus
Is there a real benefit to the extra effort of earning Cyber Essentials Plus?
The primary advantage of Cyber Essentials Plus is that it offers absolute assurance that correct controls are in place through use of an impartial third party. Customers and partners don’t have to just take your word that you are cyber secure – they can rely on the expertise of a professional. It demonstrates to both your customers and partners that you are committed to cyber security and protects your company.
Beyond the positive image that comes with certification, compliance ultimately means safety. For your business, for your employees, and for your customers.
Taking the time to prepare your company for compliance by implementing firewall protection, secure configurations, user access control, malware protection, and patch management is the first step to become a secure organisation.
Which certification is right for me?
Which certification is better for you depends on what your goals are. If you’re looking to show customers that you care about data protection, then the Essentials certification can be a solid starting point. It is also advisable and, in some cases a requirement, that companies bidding for contracts or tenders in the public sector achieve the necessary certification.
If you hold any form of sensitive data, you should consider getting the Plus certification. However, for many smaller organisations, the cost of paying an independent auditor can be steep as costs for travel and expenses can quickly add up. If cybersecurity compliance is integral to your sector, as many sectors more often are, the standard Cyber Essentials certification is a great first step.
If you’re unsure, start with the Cyber Essentials and you can always add the Plus version further down the line. However, be aware that to achieve Cyber Essentials Plus, you must have achieved Cyber Essentials within the last 3 months.