SCIS UK Limited can help you obtain the government backed Cyber Essentials certification. We work with you to ensure your systems and infrastructure meet the standards of the scheme and then liaise with an independent certifying body on your behalf to complete the assessment process and obtain the certification.
What Is The Cyber Essentials Scheme?
Cyber Essentials is a Government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks. According to the UK Government, 80% of cyber attacks could be prevented if organisations put simple cyber-security controls in place. The scheme identifies some fundamental security controls that organisations should have in place to secure themselves against common cyber threats.
The scheme offers a Basic and Plus certification.
What Are The Benefits Of The Cyber Essentials Certification?
A simple virus or piece of malware could result in loss of company and client data, disrupt your cash flow and take up staff time. An attack could also put off your customers, stop you trading and damage your hard-earned reputation. Loss of data could breach the Data Protection Act and lead to fines or prosecution.
Obtaining the certification will:
- Protect your organisation against common cyber threats
- Show your customers you take cyber-security seriously
- Enable you to bid for Government contracts
- Assist with GDPR compliance
Achieving the certification will also allow you to use the Cyber Essentials badge to advertise that your organisation meets a Government-endorsed standard.
Cyber Essentials Basic - Stage 1
This is a self-assessment certification that combines a security questionnaire and an external vulnerability scan of Internet-facing systems for your organisation. We will review the self-assessment questionnaire and external vulnerability assessment results, and if both areas pass you will be issued a Cyber Essentials certificate and can use the certified badge.
The following key areas are assessed:
- Boundary firewalls and Internet gateways
- Secure configuration
- Patch management
Stage 1 assessments are all conducted remotely, no onsite visit is required.
- Step 1
- We will issue you a self-assessment questionnaire that must be completed and returned.
- Step 2
- We will schedule and conduct an external vulnerability assessment against your Internet-facing systems.
- Step 3
- We will review the results from steps 1 and 2 and issue a pass or fail. If you pass, we will issue your certificate. If you do fail, we can work with you to help you prepare and conduct a re-test.
Cyber Essentials Plus - Stage 2
This combines a self-assessment security questionnaire, an external vulnerability scan of Internet-facing systems as well as authenticated vulnerability scans of your internal workstations and mobile devices. We will review the self-assessment questionnaire and external vulnerability assessment results, then arrange an onsite visit to test your internal workstations and mobile devices. If all elements of testing pass you will be issued a Cyber Essentials Plus certificate and can use the certified badge.
The following key areas are assessed:
- Secure configuration
- Access control
- Malware protection
- Patch management
- Step 1
- We will issue you a self-assessment questionnaire that must be completed and returned.
- Step 2
- We will schedule and conduct an external vulnerability assessment against your Internet-facing systems.
- Step 3 (Steps 3 - 5 require a visit at your offices to assess the following:)
- Authenticated vulnerability scan of internal workstations.
- Step 4
- Email and web download protection against malicious file types.
- Step 5
- Mobile device and tablet basic security review (pin code protection and malware).
How Long Does It Take To Become Certified?
We are able to turnaround Cyber Essentials Basic assessments typically within 24-48 hours. We understand you may need the certification fast in order to do business with other companies, so we respond quickly.
For Stage 2 Plus assessments we are very flexible and will work with you to identify the best date and time to conduct our on-site visit to your premises.