Bulletproof’s range of cyber security, data protection and compliance services are your best defence against threats to your business. With nearly a decade of providing trusted security services, we’re continuing our mission of solving the greatest cyber security & compliance challenges through innovation and simplicity. Explore our range of services and find out how Bulletproof can help your business.
Helping people solve their security challenges is what we do, so we’re always keen to hear from you.
Discover CREST penetration testing & continuous security
Internal & external infrastructure, network & system testing
Manage multiple tests & get external security assurance
Thoroughly assess your web apps & APIs for security flaws
Test your response to a simulated real-world cyber attack
All cloud platforms & services tested, including Azure & AWS
Test your human cyber defences with social engineering
Android, iOS & custom mobile application security testing
Find out more about penetration testing – what it is, when you need it, and why it’s a core component of any business. Discover how pen test helps with compliance, powers best practices, and helps your organisation win new business.
Gap analysis, implementation, audits & more from GDPR experts
On-going support to easily manage your data protection obligations
Consultant-led support to meet all levels of DSPT submission
Flexible & engaging data protection training from certified experts
Get peace of mind that your data protection is being managed by trusted, certified consultants. All Bulletproof data protection services are delivered by our highly trained, experienced and qualified staff.
Gap analysis, implementation, audits & more from dedicated ISO consultants
Find the next step in your strategy with this consultant-led assessment
Get quick & easy CE certification with a range of feature-packed packages
Flexible access to top-tier information security strategy & management
Experienced SOC 2 consultants, AICA audits & compliance automation platform
On-site, remote and video-based security training to boost your resilience
Affordable expertise & support to help you meet & maintain PCI DSS compliance
Go beyond compliance with information security services that are designed to give real operational benefits to your business. All delivered by seasoned, certified Bulletproof security consultants.
24/7 defence against cyber attacks with proactive threat detection
Get help responding & recovering from cyber incidents
Detect, analyse and stop cyber attacks with real-time prevention
Forensic support & data recovery following cyber attacks
Stay on top of new vulnerabilities with powerful, flexible scanning
Evaluate your wireless network for security weaknesses
Discover how your business can identify & manage cyber threats
Comply with regulations, meet certification standards & best practices
Train and test your staff for security resilience, data protection & compliance
No matter what your cyber or compliance challenges, Bulletproof is here to help. We like to work with you as a trusted partner to solve problems, not sell services. No pressure tactics and no false promises.
Learn about our mission to make cyber & compliance accessible to all
Grow your business with high-margin, high-value & partner-ready services
Become part of the Bulletproof team & supercharge your career
Bulletproof’s in-house SOC powers our Managed SIEM & MDR services
We love to talk. Tell us about your cyber & compliance challenges
At Bulletproof we love to solve problems with simplicity & innovation. It’s our mission to make compliance & cyber security services accessible to all. We take pride in building and nurturing teams of exceptional talent, so we’re confident that our cyber security & compliance services are the best way to stay one step ahead of the hackers and protect your business.
Helping people solve their security challenges is what we do, so we’re always keen to hear from you, no matter what you have to say.
Get the latest news, views & expert insight in the world of cyber security, data protection & compliance
A helpful index of cyber security terms, compliance acronyms and industry terminology to make life easy
Discover what we have to say about the threat landscape & what businesses need to know to get ahead
Find out how we can make companies like yours Bulletproof. Don’t take our word for it, hear direct from our clients
Detailed insights & helpful tips for understanding penetration testing, data protection & more
Interesting data & top tips at a glance, with insightful infographics covering all areas of cyber security & compliance
Watch our experts talk through their thoughts & opinions on a variety of security & compliance topics
See when & where we’re going to be bringing Bulletproof insight to an event near you
Ayisha Bari
Find out what ransomware is, how attacks work & types of attack to help you get started with keeping ransomware out of your business.
Read More
In what is being described as the most significant update to the scheme since it launched in 2014, the National Cyber Security Centre (NCSC) has announced that the technical controls for Cyber Essentials and Cyber Essentials Plus will be updated as of 24th January 2022.
The change is to bring the scheme in-line with the evolving cyber security challenges that organisations now face, particularly around the adoption of cloud services and hybrid working.
This refresh will impact any organisation looking to gain their Cyber Essentials or Cyber Essentials Plus certification, whether for the first time or as a renewal. Here you’ll find the details on what you need to know for your upcoming Cyber Essentials assessment.
Due to the global pandemic of COVID-19, the way in which businesses operate has drastically changed over a relatively short amount of time. To continue operating, most businesses had to go fully digital and allow a remote or hybrid working model. It is this digital transformation and rapid adoption of cloud services that has prompted the NCSC and IASME to implement changes to the existing Cyber Essentials scheme to ensure organisations uphold a basic level of cyber resilience which reflect the current working environments and cyber security risks.
Some of the key updates to Cyber Essentials will specifically cover changes to cloud services and web applications, bring your own device (BYOD), and security updates including password management and multi-factor authentication (MFA). There is also new guidance on backing up data and new requirements on device locking. Some key things to be aware of:
Here are the key dates you need to know about and how they may affect you on your journey to achieving Cyber Essentials certification.
Organisations who are already certified will remain so until they need to renew. In preparation for recertification, it is recommended organisations familiarise themselves with the new Cyber Essentials requirements commencing January 24th 2022.
Soon after announcing changes to the Cyber Essentials question set, the NCSC and IASME also released news that there would be a new tiered pricing structure for the scheme, coming into effect at the same time.
The tiered pricing structure – which adopts the internationally recognised definition of business size – is shown in the table:
There are two levels of certification: Cyber Essentials and Cyber Essentials Plus, with the latter a more advanced assessment of an organisations’ security.
To achieve basic certification, a business must complete a self-assessment form regarding current security policies, software updates and the measures in place covering security best practices. Most businesses choose to work with a Certification Body to help them with the process. At Bulletproof, our certified Cyber Essential Assessors aid businesses with their Cyber Essentials certification by reviewing answers and providing guidance ahead of submitting the assessment to IASME, the Accreditation Body.
To achieve Cyber Essentials Plus, a business must first also complete the basic Cyber Essentials certification a maximum of 90 days prior to applying for the Cyber Essentials Plus. Vulnerability scans and a workstation assessment, along with remediation of any uncovered security risks is then required to pass the Cyber Essentials Plus certification. The difference between Cyber Essentials and Cyber Essentials Plus is that the latter will require an assessor to conduct technical audits on the businesses systems to authenticate that Cyber Essentials controls are in place.
Cyber Essentials remains an important first step in making sure your business is protected against a wide variety of cyber threats. It’s cost-effective, easy to implement and will ensure businesses deter hackers from targeting their infrastructure once the necessary Cyber Essentials technical controls are in place.
The new changes to Cyber Essentials have been imposed to strengthen businesses cyber resilience and comes at a pivotal time as the NCSC recognise that evolving working practices mean the threat landscape of a cyberattack looms larger than ever before. The changes to the scheme will mean achieving Cyber Essentials certification becomes more in-depth and businesses can have greater peace of mind that they are adhering to the basic level of cyber security, protecting their infrastructure and their workforce.
As Managing Director of Bulletproof, Nicky’s responsible for innovating and evolving Bulletproof’s compliance services. With a varied and interesting career, Nicky shares amazing insight that directly helps businesses overcome their security and compliance challenges.
Prevent breaches and win customers with our flexible Cyber Essentials & Cyber Essentials Plus packages.
If you are interested in our services, get a free, no obligation quote today by filling out the form below.
I'd like to receive Bulletproof communications about relevant services and events
For more information about how we collect, process and retain your personal data, please see our privacy policy.