The UK Government’s 1 October deadline for all suppliers bidding for certain government contracts to comply with the Cyber Essentials scheme comes into effect today – with the result that we may witness some changes over the next few months.
, the fast-growing cyber security services provider and CREST-accredited certification body for the UK Government’s Cyber Essentials scheme, has been already working with clients to help them achieve compliance and certify to the scheme, which was introduced on 5 June 2014.
Alan Calder, founder and executive chairman of IT Governance, was quoted by SC magazine, saying: “I'm delighted that the government has confirmed what it has been indicating that it would do - Cyber Essentials is genuinely the minimum level of cyber security that every organisation should have in place - and we, as an accredited certification body under the scheme, are already working with a large number of companies that have sought certification ahead of this announcement.”
UK organisations bidding for government contracts that involve the handling of sensitive and personal information, and the provision of certain technical products and services, must be able to prove compliance with Cyber Essentials or Cyber Essentials Plus, depending on specific requirements.
“Most large organisations would already have implemented important cyber security controls.” Calder explains. “As in the case of one of our large clients, it would be a matter of ensuring these controls are in line with the scheme’s requirements and that the necessary external and, if applicable, internal assessments have been conducted.
“Small and medium-sized organisations, on the other side, will benefit from the scheme by ensuring they implement at least a minimum level of security. It is important to note, that certification to Cyber Essentials or Cyber Essentials Plus is not difficult – with the right level of competent support, most organisations should be able to execute it quickly.” adds Calder.
The Cyber Essentials scheme offers two levels of certification: Cyber Essentials and Cyber Essentials Plus.
requires companies to complete a self-assessment questionnaire, signed off by a senior company representative, and then verified by an external certification body. An external vulnerability scan will also be required if the company has chosen to be certified through a CREST-approved certification body.
Cyber Essentials Plus
provides a more advanced level of assurance, in addition to the requirements stated for Cyber Essentials. This level of assurance will be reached by an internal assessment and internal scan, conducted on-site by the certification body.
IT Governance offers three ‘all-in’ packaged solutions for certification to Cyber Essentials and Cyber Essentials Plus
. Each solution is a combination of products and services in a fixed-price, fit-for-use package sure to meet any organisation’s preferences for tackling compliance projects. Each of the three packaged solutions is available at a transparent price that enables every organisation to know exactly what their chosen journey to Cyber Essentials certification will cost them.
The all-in, Cyber Essentials ‘Do it yourself’, ‘Get a little help’ and ‘Get a lot of help’ solutions can be ordered online at www.itgovernance.co.uk/solutions-for-ces-certification.aspx
Alternatively, organisations can call +44 (0)845 070 1750 or send an email
to request a custom quote.