1. The Cyber Essentials Scheme was officially launched on 6 June 2014. From 1 October 2014, the UK Government will require suppliers from specific industries, bidding for certain contracts, to be certified to the scheme.
2. Implementation of the scheme's controls can significantly reduce the risk of prevalent but unskilled cyber attacks.
3. Organisations can apply to be awarded one of two badges – ‘Cyber Essentials’ or ‘Cyber Essentials Plus’ – depending on their needs.
4. The entry-level tier, Cyber Essentials, is based on a self-assessment questionnaire. The questionnaire must be signed off by the CEO and submitted to an independent certification body for ‘remote’ external verification.
5. The second tier of the scheme, Cyber Essentials Plus, requires that an additional, more extensive internal assessment be conducted by an independent certification body.
6. There are 2 accreditation bodies, CREST and IASME. Independent certification bodies will be appointed to undertake assessments of Cyber Essentials and Cyber Essentials Plus.
7. In addition to certification services, CREST-approved certification bodies can also offer vulnerability scans and assessments relevant to Cyber Essentials Plus.
8. Organisations already adopting cyber standards such as ISO27001 will find that Cyber Essentials maps to their existing systems, but an additional assessment for ISO27001-compliant organisations will still be necessary to verify compliance with Cyber Essentials and Cyber Essentials Plus.
9. The Cyber Essentials scheme aims to make certification in cyber security achievable for both large and small organisations by offering a lower cost and more accessible solution for small businesses.
10. Certain insurance providers offer preferential insurance rates to organisations that hold a Cyber Essentials badge.