Understanding Cyber Essentials
Written by Joseph Poppy on 04/10/2019
What’s the difference between Cyber Essentials and Cyber Essentials Plus?
Both Cyber Essentials and Cyber Essentials Plus demonstrate that your organisation is taking cyber security seriously and has the five technical controls in place. Cyber Essentials is a self-assessment questionnaire, verified by a certifying body (such as Bulletproof). If you have 2 or fewer major non-conformances, you pass. Cyber Essentials Plus offers everything that Cyber Essentials provides, plus internal and external vulnerability scans and a workstation assessment. Cyber Essentials Plus can be thought of as an independent verification of everything that was claimed in Cyber Essentials. This extra level of scrutiny means your Cyber Essentials Plus badge will hold more weight with potential customers.
Whilst Cyber Essentials Plus is the more expensive of the two, it is held in higher regard and much of the work is done by the certifying body. If you feel a bit overwhelmed and don’t know where to start, don’t worry – most companies have a range of support options to help you through the process.
Benefits of Cyber Essentials for your business
By becoming Cyber Essentials compliant, businesses can demonstrate to their customers that they take security seriously and have the basics in place to protect their data. Think of it as a fundamental security baseline that can be universally applied to pretty much every organisation. This gives reassurance to customers, potential customers and suppliers, and also gives your organisation a clearer picture of your level of cyber security.
You can also win new business with Cyber Essentials certification. Central Government contracts need suppliers to be Cyber Essentials certified, and most MoD contracts demand Cyber Essentials Plus. As of 2021, the NHS also requires suppliers to be Cyber Essentials certified. Though Cyber Essentials is not mandatory, it is incredibly valuable. It’s not a particularly costly procedure, so the benefits far outweigh the initial investment.
By assessing and ensuring your business is maintaining these five controls to a good standard, you can request Cyber Essentials certification from a certifying body. This will allow you to proudly display a Cyber Essentials badge on your website and attract more clients.
The process each company will go through follows the same path as illustrated below:
An update schedule is vital for continuously plugging holes in your company’s security. This is often harder to do in smaller companies that may not have the dedicated resources to test and oversee these rollouts but, regardless of size, all companies should be doing so.
How to get started?
To get Cyber Essentials certified, you start by contacting an approved certification body, such as Bulletproof. We’ll set you up on the official Cyber Essentials portal and, depending on the level of support you’ve bought, help you through the process of completing the questionnaire. It’s as simple as that to get going.
What's changed in the new version?
Experienced followers of cyber security standards will be aware that in April 2020, the Cyber Essentials scheme changed. Previously, the base level of Cyber Essentials certification required an internal vulnerability scan. Moving this to the Plus certification lowers the barrier to entry, meaning more companies can more easily improve their baseline security with Cyber Essentials certification.
Another change is that previously there were 5 accreditation bodies, meaning there were slight variations in the application of the ‘standard’. Now it’s controlled by IASME, meaning that the standard is, finally, standard. IASME ratifies Certification Bodies (like Bulletproof) to use Qualified Assessors (our consultants) to certify customers as compliant with Cyber Essentials.
What are you waiting for?
Cyber Essentials and Cyber Essentials Plus are great schemes for ensuring you have strong security foundations to build upon. Not only will they generate trust between you and your clients, they’ll give you a top-level understanding of your security posture and the common threats you need to be defending against. The best way to beat the hackers is to get the basics right.
Bulletproof’s friendly compliance officers are Qualified Assessors for Cyber Essentials, and have already helped many customers achieve Cyber Essentials and Cyber Essentials Plus. So, now you know what the schemes are and how they can benefit you, get in touch and we’ll get you certified.
Bulletproof demonstrated their expertise from day one, and thanks to their insight we passed Cyber Essentials first time. With our 10-year history of keeping customer data secure, the Cyber Essentials scheme adds further confidence and value to Backup Systems offerings.
Christopher Blewitt IT Support Technician, Backup Systems Ltd