The UK Government released the Cyber Essentials Scheme just over four weeks ago. Designed to help organisations ensure that they are implementing basic cyber security hygiene, the Scheme has been quickly picked up by several organisations, Barclays being the latest.
The Scheme was released on 7 April 2014 but wasn’t officially launched until 5 June. Within a week of the Scheme being published, seven organisations had already been certified against the first of the two levels of certification.
One of those organisations is Nexor, a UK market leader in secure information exchange and information assurance.
Andrew Kays, Operations Director at Nexor, said in statement that, “Security is paramount to Nexor and as a holder of ISO27001 we initially questioned if Cyber Essentials would provide any additional benefit. However, recognising the value of Cyber Essentials certification in the government supply chain, we committed to achieving certification at the earliest opportunity. During the review we identified several areas where there was scope for improvement in managing our existing security controls, which showed the value of the scheme.”
Nexor isn’t the only organisation that holds ISO 27001 certification as well as Cyber Essentials. Barclays, who have just achieved certification, found the implementation “straight-forward” due to their ISO 27001 certification.
It’s not one or the other
Richard Bach, Assistant Director – Cyber Security, Department for Business, Innovation and Skills, said at our Cyber Essentials event on 8 May that, “Cyber Essentials is complementary to the good work and value across several existing standards and frameworks. The Scheme gives testable guidance on five areas of basic technical controls. When implemented, it will help organisations protect themselves from online cyber threats. Its principles apply to organisations of all sizes, from micro enterprises to large corporates. Our main aim is adoption – we want to see Cyber Essentials adopted as far and wide as possible. We want to see a step change in organisational cyber security behaviours.”
Organisations that wish to do business with the UK Government should be aware that an ISO 27001 certificate isn’t going to get them a free pass.
Equip yourself with the correct knowledge
Our previous Cyber Essentials event sold out and due to high demand, so we are running a second on 17 July 2014. Join a high profile list of government and industry figures who will discuss the Scheme and the requirements to qualify for Cyber Essentials or Cyber Essentials Plus certification. Learn more about this Cyber Essentials event and book your place today.