Cyber Essentials, Cyber Essentials Plus and IASME Cyber Assurance: What is the Difference?

The Cyber Essentials Scheme is a government scheme that helps organisations of all sizes to protect themselves against the most common threats from the internet. Cyber Essentials certification also signals to other companies and customers that you take cyber security seriously and can be trusted with their information. The scheme covers five main technical controls, which are:

 

  • Securing your Internet connection (firewalls and routers)
  • Securing your devices and software (secure configuration)
  • Control access to your data and services (access control)
  • Protection against viruses and other malware (malware protection)
  • Keeping your devices and software up to date (software updates)

 

The Cyber Essentials scheme offers two levels: 1) the basic level, which is self-assessed and independently verified, and 2) the ‘Plus’ level, which includes an independent technical audit.

 

Cyber Essentials

 

The ‘basic’ level is self-assessed and independently verified. It takes the form of a questionnaire with eight sections. All questions must be answered.

 

Before the questionnaire is submitted, it must be approved by a Board-level representative, business owner or the equivalent, who must sign a declaration that all the answers are correct.

A Forti5 Technologies trained assessor will be able to help you understand the questions and controls required to pass the assessment.

 

Cyber Essentials Plus

 

This scheme includes the Cyber Essentials questionnaire but also involves an independent technical audit of your systems to verify that the Cyber Essentials controls are in place.

 

The audit includes a representative set of user devices, all internet gateways and all servers with services accessible to unauthenticated internet users. Our assessor will test a suitable random sample of these systems (typically around 10 per cent) and then decide whether further testing is required.

 

A Cyber Essentials self-assessment must be passed to be certified to Cyber Essentials Plus. However, our assessors can carry out the self-assessment at the same time as Cyber Essentials Plus.

 

Our Cyber Essentials Plus assessor would generally visit your head office and a representative sample of your other offices to conduct the tests. In the current climate, however, the audits are being run remotely.

 

Generally, organisations that choose to certify with Cyber Essentials Plus can assure their customers that the controls are followed correctly.

 

IASME Cyber Assurance

 

This certification allows SMEs to demonstrate their cyber security and information governance level for a realistic cost. It indicates that they are taking further steps to adequately protect their customers’ information and meet the data protection requirements of GDPR.

 

The IASME Cyber Assurance standard is aligned to a similar set of controls as ISO 27001 but is more practical, affordable and achievable for small and medium-sized organisations to implement.

 

The IASME Cyber Assurance standard complements and builds on Cyber Essentials.

 

However, it does not include the Cyber Essentials controls; these must be assessed separately. Assessment and the GDPR requirements. Whereas Cyber Essentials checks the technical controls, this standard also includes a check against key information governance aspects, such as:

 

  • Risk assessment and management
  • Training and managing people
  • Change management
  • Monitoring
  • Backup
  • Incident response and business continuity

 

IASME Cyber Assurance has also been mapped against and includes the controls recommended in the Government’s Ten Steps to Cyber Security.

 

IASME Cyber Assurance level 2 involves an onsite audit of your governance processes and procedures covered by the IASME Cyber Assurance standard. One of our assessors would generally visit your head office and a representative sample of your other offices to carry out the checks. In the current climate, however, the audits are being run remotely. You can get a quote for IASME Governance Audited here.

 

Forti5 Technologies is an IASME-certified business that assesses organisations to the IASME standards. We at Forti5 Technologies take the time to explain the assessment so that the company understands what is expected and why it is necessary.

 

If you would like to know more about how we at Forti5 Technologies can help you on the certification journey, do not hesitate to contact us.
