United Kingdom
Select regional store:

Cyber Essentials Plus for healthcare

The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for organisations to help demonstrate that the most basic cyber security measures are in place. Certification can be achieved at two levels, Cyber Essentials and Cyber Essentials Plus.

Download our free guide

Recent reviews have recommended Cyber Essentials Plus as the minimum standard for healthcare providers and partners to demonstrate that they have implemented the most basic cyber security controls. For more information about the Cyber Essentials scheme and how it can help you guard against the most common cyber threats, download the free guide.

Download now

What are the five key Cyber Essentials security controls?

Secure configuration

Confirm that computers and network devices are properly configured in order to reduce the level of inherent vulnerabilities.

Find out more about secure configuration >>

Secure your Internet connection

Confirm that only safe and essential network services can be accessed from the Internet.

Find out more about boundary firewalls and Internet gateways >>

Access control

Confirm that user accounts are assigned to authorised individuals only.

Find out more about access control >>

Patch management

Confirm that devices and software are not vulnerable to known security issues for which fixes are available.

Find out more about patch management >>

Malware protection

Restrict the execution of known malware and untrusted software.

Find out more about malware protection >>

In addition to a self-assessment of the five security controls and an external vulnerability scan, Cyber Essentials Plus includes an internal network vulnerability scan and an on-site assessment to thoroughly check whether the solutions you have put in place comply with the control requirements.

The National Cyber Security Centre (NCSC), National Data Guardian Review and Smart review highlight the need for all organisations to achieve Cyber Essentials Plus certification by 2021.

“Recommendation 1: All NHS organisations are to develop local action plans to achieve compliance with the Cyber Essentials Plus standard by June 2021, as recommended by the NCSC.” 

 - William Smart, Chief Information Officer for Health and Social Care, Lessons learned review of the WannaCry Ransomware Cyber Attack

Cyber Essentials Plus and compliance standards

The Data Security and Protection (DSP) Toolkit has now replaced the Information Governance (IG) Toolkit as the compliance standard for all organisations looking to connect to NHS networks.

Cyber Essentials Plus certification satisfies multiple conditions of the DSP Toolkit. Achieving certification will prepopulate many of the compliance statements within the online portal, reducing the time and cost needed to demonstrate compliance.

Click here for more information on the DSP Toolkit >>

Supply chain

Cyber Essentials is as crucial to healthcare industry partners as it is to healthcare providers. Cyber criminals will exploit any vulnerability in the supply chain to gain access to information networks, resulting in unmitigated access to patient records and valuable healthcare data.

Cyber Essentials Plus can minimise the risk of a data breach and demonstrate that your organisation prioritises cyber security, helping you to secure NHS contracts.

NHS industry partners will be required to comply with the DSP Toolkit from April 2018. Cyber Essentials Plus can help speed up the connectivity and supply process by fulfilling and prepopulating compliance statements within the DSP Toolkit portal.

More information on the DSP Toolkit for healthcare industry partners is available from our healthcare experts >>

Benefits of Cyber Essentials Plus

Protect your organisation from approximately 80% of cyber attacks

Courses are delivered at our public training centres, Live Online, e-learning, distance learning or as convenient in-house training sessions.

Drive business efficiency

Focus on your core business objectives knowing that you are protected from the majority of cyber attacks.

Demonstrate security and help secure the supply chain

Demonstrate your commitment to protecting your own data and that of your customers and suppliers.

Increased chance of securing business

Boost your reputation and have a greater chance of winning contracts.

Why choose IT Governance for Cyber Essentials certification?

IT Governance is the leading CREST-accredited certification body and has awarded hundreds of certifications, with many more companies achieving certification every day. Our Cyber Essentials clients include NHS Professional, Health Management Ltd and the Professional Standards Authority for Health and Social Care.

See the full list of organisations we’ve certified to the Cyber Essentials scheme >>

This website uses cookies. View our cookie policy