The UK government has today confirmed that, from 1 October 2014, suppliers bidding for some government contracts must comply with the new Cyber Essentials controls.
Who is affected by the October deadline?
UK organisations bidding for government contracts that involve the handling of sensitive and personal information and the provision of certain technical products and services must be able to prove compliance with Cyber Essentials or Cyber Essentials Plus, depending on specific requirements.
These types of contract are likely to be with the following categories of supplier:
- Professional services including commercial, financial, legal, HR and business services that handle data.
- IT managed or outsourced services and ICT services that run systems that store data.
The following are exempt from the Cyber Essentials scheme:
- Suppliers to the Ministry of Defence (MoD)
- Digital Services Framework (DSF)
- Public Sector Network (PSN)
- ID Assurance Framework
- Assisted Digital
The Cyber Essentials Scheme Policy Procurement Note provides further information on the certification process.
How can you achieve compliance with the scheme?
There are two types of certification: Cyber Essentials, which relies on self-assessment and an external verification by a certification body, and Cyber Essentials Plus, which relies on a more rigorous on-site assessment and internal scan by a certification body in addition to the requirements of Cyber Essentials.
IT Governance is a rigorous supporter of the Cyber Essentials scheme and offers unique solutions to help you meet its requirements at a pace and for a budget that suits you.
Visit our Cyber Essentials scheme solutions page to find out more about your options.
Who can provide certification?
As a CREST-accredited certification body, IT Governance can help you to achieve certification to either Cyber Essentials (CE) or Cyber Essentials Plus (CE Plus).
Call us on +44 (0) 845 070 1750 or send us an email.