This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

Scottish Cyber Resilience Strategy for Scotland

Launched by Scotland’s Deputy First Minister in 2015, Safe, secure and prosperous: a cyber resilience strategy for Scotland provides a framework for improving Scotland’s cyber resilience. To support the programme, £3.5 million has been allocated by the Scottish and UK governments for 2018–2019.

The Scottish government intends to lead from the front by building its own cyber resilience and working with other public-sector organisations to make sure resilience is built into digital public services. It intends to expand this to include those that provide key services in the private and third sectors to encourage them to become cyber resilient.

Public Sector Action Plan 2017–2018

All public-sector bodies in Scotland are now required to take urgent measures to develop cyber resilience and become “exemplars” in online security. One of the first requirements was to have a Cyber Essentials pre-assessment by March 2018. 

The Public Sector Action Plan on Cyber Resilience was launched in November 2017 outlining how Scottish public bodies can improve cyber security and be more secure online.

It sets out the 11 key actions that the Scottish government, public bodies and key partners must take in 2018 to further enhance cyber resilience in Scotland’s public sector.

All Scottish public bodies must have:

  • Implemented minimum cyber risk governance arrangements by the end of June 2018;
  • Become members of the NCSC’s (National Cyber Security Centre) CiSP (Cybersecurity Information Sharing Partnership) to promote cyber threat intelligence sharing by the end of June 2018; and
  • Achieved Cyber Essentials or Cyber Essentials Plus certification by the end of October 2018.

To find out more about the Public Sector Action Plan, download our free green paper >>

Private Sector Action Plan 2018–2020

This details the key actions that the Scottish government and its partners will take during 2018–20 to help address existing issues in Scotland’s private sector to ensure greater confidence in cyber resilience standards.

Read more about the private-sector action plan for Scottish businesses >>

Third Sector Action Plan 2018-2020

This action plan sets out the steps that need to be considered for developing a Scottish Third Sector Cyber Resilience Framework/Pathway. This includes providing a simple, structured way for organisations in Scotland – particularly small and medium-sized third-sector organisations – to assess cyber threats to their operations and select the appropriate controls or guidance to help them work progressively towards strengthening their cyber resilience.

Read more about the third-sector action plan for Scottish businesses >>

Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotland

The Scottish government has listed a range of existing standards, guidelines and controls that can contribute to increased cyber resilience, including ISO 27001, the PCI DSS (Payment Card Industry Data Security Standard) and Cyber Essentials.

The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for organisations of all sizes to help demonstrate to customers and other stakeholders that the most important basic cyber security controls have been implemented.

There are two certification options available, giving organisations a choice over the level of assurance they wish to gain and the cost of doing so. 

Cyber Essentials

The Cyber Essentials certification process includes an SAQ (self-assessment questionnaire) and an external vulnerability scan that independently verifies your security status.

Cyber Essentials Plus

Cyber Essentials Plus certification includes all the assessments for the Cyber Essentials certification but includes an additional internal scan and an on-site assessment.

Cyber Essentials webinar: Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotland​

To learn more about Cyber Essentials, its role within the Cyber Resilience Strategy for Scotland, as well as other business benefits for being certified.

Key topics: 

  • The Cyber Essentials scheme
  • The Scottish Cyber Resilience Strategy
  • The certification process
  • Key benefits of the scheme
  • Why use IT Governance

How does cyber resilience fit in with the GDPR?

Legislation such as the GDPR (General Data Protection Regulation) and NIS Directive (Directive on security of network and information systems) requires decisive action to ensure continuity of service. Non-compliance may have significant ramifications for Scottish organisations.

The ICO (Information Commissioner’s Office) has said that achieving Cyber Essentials accreditation can assist with GDPR compliance. The scheme provides a base set of controls that can be easily applied to help organisations comply with the requirements of the Regulation.

Why choose IT Governance? 

  • We are a leading provider of IT governance, risk management and compliance solutions.
  • We have been advising global businesses and government bodies for the past 15 years.
  • We are known for delivering cost-saving and risk-reducing solutions based on international best practice and frameworks.
  • Our comprehensive packages and solutions can help organisations solve a variety of cyber resilience and privacy issues.

We are the leading CREST-accredited certification body and have awarded hundreds of certifications, with many more organisations achieving certification every day. Our Cyber Essentials clients include Vodafone, Airbus Defence and Space Ltd, Action for Children, NHS Professionals and Lockheed Martin. See the full list of organisations we’ve certified to the Cyber Essentials scheme >>

Why choose IT Governance for Cyber Essentials certification?

Conduct the entire certification process online, without any expert cyber security knowledge, with our Cyber Essentials portal.

We provide all the tools and resources needed to achieve CREST-accredited certification at both levels of the Cyber Essentials scheme.

We deliver all the technical tests and assessments, conducted by our experienced, CREST-accredited testers. We do not outsource any of the services required to achieve certification.

As we are a CREST-accredited certification body, you will benefit from the added level of independent verification of your cyber security status provided by an external vulnerability scan.

We have six packaged solutions available to support companies with varying levels of experience through the Cyber Essentials or Cyber Essentials Plus certification process. View our packaged solutions >>

Having led ISO 27001 implementations since the Standard’s inception, our strong global cyber security presence gives us the knowledge and insight to help you take the next steps beyond Cyber Essentials.

Speak to an expert

For expert advice on cyber resilience and how to become Cyber Essentials certified, or to discuss any concerns, get in touch with us today. 

Our comprehensive solutions aligned to international best practice can help you achieve cyber resilience.