For those unfamiliar with the UK Cyber Essentials scheme, it was launched in 2014 to help UK organisations achieve a baseline of cyber security by implementing key security controls. Organisations can achieve certification against the scheme to prove their credentials. This is intended to be an affordable and straightforward process.
Since the scheme launched, over 300 organisations have certified. Among those is children’s charity Action for Children.
Charities in particular can be an attractive target for cyber criminals because of the amount of sensitive information they store.
We talked to Richard Hill, IT solutions manager at Action for Children, who explained why it was important for his organisation to achieve Cyber Essentials Plus certification and how they did it. Richard is responsible for the IT infrastructure, systems and security at Action for Children.
Support the most vulnerable and neglected children and young people throughout the UK.
What were the main drivers for pursuing Cyber Essentials Plus certification?
As an organisation we wanted to prove to local authorities and partners we work with that we take our IT and data security seriously and that our systems are secure. The Plus certification is externally verified and nationally recognised.
What was your approach to meeting the Cyber Essentials Plus requirements?
After an initial meeting with IT Governance, we went through both our external-facing systems and workstations, and ensured that they were fully patched and all security updates were applied.
Did you bring in external help or did you do it yourself?
The work was carried out in-house by my team of engineers working closely with IT Governance.
Did you find it easy to obtain certification, or was some remedial activity required?
Some remedial work was required after the initial visit of IT Governance before the external and internal scans were carried out.
How long did it take you to get your processes and systems in order so that you could achieve certification?
Overall the process took us around four weeks to complete.
Do you believe that being certified to Cyber Essentials Plus benefits your organisation?
Yes, there is a clear benefit to Action for Children as we can now prove to local authorities who we want to tender for work from that our IT and data security is sound.
Do you believe that certification is affordable for charities?
Given the benefit of being certified, the cost didn’t seem excessive.
Why did you choose IT Governance?
They offered the best overall package of support and guidance.
Why did you opt for Cyber Essentials Plus rather than Cyber Essentials?
As stated above, we wanted to have our security externally verified in order to be able to prove to local authorities, who we may wish to tender for work from, that our data and systems are secure.
What advice would you give other charities thinking of getting Cyber Essentials certified?
Find a company such as IT Governance who can work with you through the process and assist you in getting certified. I also highly recommend the Cyber Essentials training course which IT Governance run as this provided me with much needed information on what was involved in getting certified.
Are you looking to certify to the Cyber Essentials scheme?
IT Governance offers three unique solutions to certification that will enable you to achieve certification to either Cyber Essentials or Cyber Essentials Plus cost-effectively and easily.
UK-registered charities can use an exclusive voucher code, CHARITY-CES, to save 10% on the cost of our Cyber Essentials scheme solutions. Use the voucher code at the checkout or quote it over the phone. This voucher code is available through February and March 2015 only. Any non-charities using this voucher will be asked to pay the difference before we go ahead with delivery.