We have over ten years of experience at the forefront of cybersecurity and we were there at the start of the Cyber Essentials scheme. Our CISO team has worked with some of the world’s largest and most complex businesses and industries. We have a deep understanding of both existing and emerging threats, as well as their rapidly changing tactics, techniques and procedures.
Our Cyber Essentials specialists are here to carry out all manner of services for your business to help you achieve a passing certificate. Cyber Essentials is the Government-backed, industry-supported foundation for basic cybersecurity hygiene. The scheme guides organisations of any size in protecting themselves against cyber threats. You can read more about the UK Government’s scheme, and find more in-depth information on the audit process, in our audit guide.
A Foundation of Cyber Security
The foundation level is an independently verified self-assessment. You complete an online assessment questionnaire which is approved by a Senior Executive of your business. Upon submission, we will independently review and confirm your responses. If successful, we will award you the requisite certificate and badge that you can display on your company website.
1. IASME certification for Cyber Essentials upon successful completion of all elements;
2. Access to the IASME portal where you will submit your self-assessment questionnaire (SAQ);
3. A precheck of your self-assessment answers by one of our security experts prior to submission, to ensure you have addressed all compliance requirements; and
4. Free cyber insurance and support.
The Next Level
This is the next stage of your security journey and involves both independent internal and external tests of your network and computers. You must have been awarded the foundation level certification in the last three months before you can proceed with accreditation. Successful accreditation provides a higher level of assurance. It demonstrates that your organisation has a robust cyber security regime. It shows that controls are present to maintain a vigorous defence against Internet-based attacks.
1. A precheck of your Cyber Essentials questionnaire answers by one of our security experts, to ensure you have addressed all compliance requirements;
2. Access to the IASME portal where you will submit your self-assessment;
3. An on-site assessment and internal vulnerability scans; and
4. External vulnerability scans, and your Cyber Essentials and Cyber Essentials Plus certificates.
You complete an online assessment questionnaire which is approved by a Senior Executive within your business. Upon submission, we will perform an independent review and verify your responses.
For many companies without a current set of cyber security policies, you might find our free policy pack useful. You can download the pack from our free policy pack page.
If successful, we will award you the requisite certificate and badge that you can then use within your marketing material and can display on your company website. The process is reasonably rapid, and our average turnaround on reviewing the submission is 4 hours.
Following successful certification against the foundation level, you may apply for Cyber Essentials Plus certification, which must take place within three months of completing the Cyber Essentials level. If the gap is longer than three months, then the Cyber Essentials level must be re-certified.
Once the assessment scope is determined, we will arrange either a visit to your site by one of our consultants or the delivery of one of our appliances. We will then conduct a range of external and internal technical verification tests of your network and web application security. For the external scans, we use our [secure] scanner platform. For the internal scans, we use either our appliance or a local copy of Nessus Professional on our consultant’s laptop.
We will assess several systems randomly chosen from the scope pool of machines. The scope pool is at least 10% of each different build. Our team will be able to advise you more about this.
As a result of the ongoing assessment, it may be necessary for us to advise you to make changes for you to attain the certification successfully. In some cases, we can perform those changes through our CISO team.
The average turnaround time for a Cyber Essentials Plus certification is 24 hours.
The cost of Cyber Essentials
IASME, the certification body that oversees Cyber Essentials certification, charges £300 plus VAT for an assessment.
However, you must also factor in the costs of preparing for the assessment and aligning your practices with the five controls within the Cyber Essentials Scheme:
Access controls; and
You can conduct a vulnerability scan to check whether you’ve addressed each of these controls adequately and therefore whether you’re ready to seek certification.
Applying the relevant controls won’t be particularly expensive, but they will take time and expertise to embed within your systems and processes.
This is something many organisations overlook when implementing Cyber Essentials, which is why we advise hiring a consultant. If you don’t, you risk failing your certification project and having to start over.
Our Cyber Essentials services provide all the guidance you need.
Whether you need to Get A Little Help or Get A Lot Of Help, our experts will support your certification project, providing the necessary documentation, policies and procedures, and technical assistance.
These packages also cover the IASME assessment fee.
If you are seeking a higher level of security then you should consider Cyber Essentials Plus.
The certification process comprises a technical audit of your systems, an external vulnerability assessment, an internal scan and an on-site assessment.
To be eligible, you must complete the audit within three months of your Cyber Essentials certification or complete both assessments simultaneously.
The cost of preparing for Cyber Essentials Plus will vary depending on the size and complexity of your organisation.
Cyber Essentials certificates are valid for 12 months, so you are required to review your practices and renew your certification annually.
IASME will email you a month before your certificate expires – but if you use our Cyber Essentials solutions, we will handle the process for you.
Our fully managed service ensures that you’re ready to renew your certificate each year.
A 2020 Ponemon Institute study found that data breaches cost organisations almost £3 million, a sum that could soon put them out of business.
With Cyber Essentials, you can drastically reduce this risk. Organisations that certify to the scheme will prevent 80% of common cyber attacks – including those that tend to cause the most damage, such as malware and ransomware.
But certification isn’t just about preventing disaster; it also comes with business opportunities.
For example, the UK government requires any potential partner to have Cyber Essentials certification, and many other organisations expect the same.
You should anticipate conditions such as this to become the norm over the next few years, as organisations realise the importance of effective information security throughout the supply chain.
The question therefore isn’t so much whether you can afford to certify to Cyber Essentials but whether you can afford not to.
We have a range of options for those who want to learn more about and achieve certification.
Ask us a question, any question at all. As long as it has to do with Information Security / Cyber Security, we will get back to you with an answer.