Cyber and Malware protection | Infinity Group

Cyber Essentials - Frequently Asked Questions

CYBER ESSENTIALS

Cyber Essentials Cost and FAQs

2019-10-18T14:03:45+00:00

Achieving a strong Cyber Security structure for your business can consume significant amounts of time, money, specialist expertise and resource. Cyber Essentials was launched in 2014 by the UK Government to promote the adoption of good practices in information security. The basic goal of Cyber Essentials certification is to protect company information from cyber threats, but it’s important to note that Cyber Essentials is a basic level of due diligence to build on, not a comprehensive Cyber Security Strategy as audited by an IT Consultant.

Cyber Essentials FAQs

Here is a list of useful Cyber Essentials FAQs, including Cyber Essentials cost.

What is the Cyber Essentials Scheme?

The Cyber Essentials certification enables all UK businesses to adhere to a series of Cyber Security principles to safeguard their business data and their clients’ data, and to participate in high-value tenders that require this certification.

Unlike other schemes that are not Government backed, Cyber Essentials is very affordable and well recognised in the industry. Cyber Essentials helps businesses to mitigate phishing attacks, including malware and malicious email and website links, and hacking opportunities, by exploring the known vulnerabilities in internet-connected servers and devices. All risks and weaknesses are identified in an audit prior to the certification submission.

There are two types of Cyber Essentials certification available: Cyber Essentials Standard and Cyber Essentials Plus. Businesses can only achieve the Plus once the Standard Cyber Essentials certificate has been awarded. Both Cyber Essentials and Cyber Essentials Plus certifications are valid for 1 year, after which businesses reapply for certification.

The Cyber Essentials certification is ideal for organisations that:

  • Want to demonstrate Government backed IT Security compliance
  • Are looking for an enhancement of their ISO 27001 certification
  • Are keen to work towards obtaining the Cyber Essentials Plus Certification

The Cyber Essentials certification framework

Within the two Cyber Essentials certification options (Standard and Plus) the following five security controls are verified.

  1. Boundary firewalls and internet gateways
  2. Secure configuration
  3. Access control
  4. Malware protection
  5. Patch management

The business benefits of Cyber Essentials certification

Risk Mitigation

Cyber Essentials helps businesses identify the risks they face when it comes to Cyber Security. To achieve certification, specific processes and structures need to be in place each year.

Stand Alone Assurance

Broader standards and frameworks such as ISO 27001 provide a different type of protection. As Cyber Essentials is a stand-alone assurance programme, it’s affordable for organisations of all sizes. Many organisations that already have ISO 27001 also have Cyber Essentials.

Protection from Cyber Threats

Thousands of organisations every year fall victim to cyber security attacks, which cost time and money and can lead to the loss of company and client data. The Cyber Essentials certification ensures cyber security processes are in place to help prevent these attacks.

Data Protection

Now that the EU General Data Protection Regulation (GDPR) is in force, business owners are solely responsible for the security of clients’ data in line with the new regulation. Cyber Essentials helps identify weaknesses and puts processes in place to protect data. Failure to protect data under GDPR can result in significant penalties.

Customer Reassurance

Many high-value tenders now require ISO 27001 certification as well as Cyber Essentials, as it’s an industry-recognised starting block that demonstrates strong compliance.

Download our Cyber Essentials Brochure

The Cyber Essentials scheme is a Government-backed, industry-recognised certification designed to improve cyber security across the board. Our brochure looks at the Cyber Essentials cost and FAQs.

You can download our Cyber Essentials brochure here.

How much does Cyber Essentials cost?

We offer a wide range of affordable packages for clients and the cost of Cyber Essentials depends on the size of your organisation. This includes a Cyber Essentials audit, submission (Cyber Essentials Standard) and an accredited assessor (Cyber Essentials Plus only). Please get in touch for more information about Cyber Essentials cost packages.

Why do clients choose Infinity Group for Cyber Essentials?

Many clients appoint us to undertake their Cyber Essentials audits because we have a specialist in-house IT Security Team. If appointed, the team can quickly undertake the tasks outlined in the audit, so that our clients pass the certification as quickly as possible with minimal time needed from them. Infinity Group are in the IASME directory for Cyber Essentials as an accredited auditor.

Should you apply for a Cyber Essentials certification in addition to an ISO 27001 certification?

There is increasing demand for companies to have both Cyber Essentials certifications to be eligible to apply for large tenders. ISO 27001 is process driven, whereas the Cyber Essentials Certification is technically driven. We are official partners with The British Assessment Bureau, who deliver ISO 27001 for several of our clients.

The Cyber Essentials certification criteria

Organisations need to get the majority of the questions correct in each section of the self-assessment questionnaire to pass that part of the Cyber Essentials assessment. Passing the self-assessment questionnaire section will enable you to move on to the vulnerability scan, which forms the Cyber Essentials Plus certification, if you require this.

The very strict pass criteria are set by the UK Government. If a company chooses to implement the recommendations outlined in our audit itself and does not implement all of the tasks outlined, it may fail. Clients often appoint us to carry out the additional work to complete the recommendations outlined in the audit, as we guarantee that they will then pass the certification because all certification criteria will then be met.

Our Cyber Essentials audit will identify the processes that need to be reviewed in order for the customer to pass either certification. However, failure to implement the recommendations from our initial audit on the following elements will result in an automatic fail. These include but are not limited to:

  1. Use of out-of-date software such as Windows XP and Windows 7 (from April 2020)
  2. Weak passwords
  3. No anti-virus

How long will it take us to audit and certify a company?

The actual audit will take place at a customer’s office and one of our Cyber Security Consultants will be on-site for half a business day (4 hours).

We are able to complete the Cyber Essentials Standard certification within 2-3 weeks. This includes time for us to complete the audit, produce the report and arrange for the accredited body we partner with to assess your business for the Cyber Essentials Plus certification.

This includes time for the audit and recommendations report to be produced. If work needs to be completed to make your business compliant, this will delay the completion timeline before you submit it for self-assessment.

What is Cyber Essentials Plus?

Cyber Essentials Plus is the next level of assurance through the external testing of the organisation’s cyber security approach. Once a company has completed the Cyber Essentials self-assessment and received the certification, Infinity Group can then arrange for you to complete the Cyber Essentials Plus for an additional fee. This is a fully accredited certification that’s awarded by an external certifying body.

The Cyber Essentials Plus certification can only be obtained by a business after the Cyber Essentials Standard has been awarded. This fully audited certification is awarded by an external Certification Body and offers a higher level of assurance through the external testing of the business’ cyber security approach. A thorough security scan of the network is undertaken by us and all vulnerabilities are identified.

Cyber Essentials Plus is recommended for businesses who:

  • Want to tender for large value projects
  • Work with highly regulated industries
  • Are looking for an enhancement of their ISO 27001 certification

How can a company upgrade their Cyber Essentials certification to Cyber Essentials Plus?

Cyber Essentials Plus is the next level of assurance through the external testing of the organisation’s cyber security approach. Once a company has completed the Cyber Essentials self-assessment and received the certification, Infinity Group can then arrange for you to complete the Cyber Essentials Plus for an additional fee. This is a fully accredited certification that’s awarded by an external certifying body.

Why choose Infinity Group for Cyber Essentials?

Our affordable Cyber Essentials certification packages include an on-site audit of your current setup, including a list of recommendations in line with Cyber Essentials’ strict certification criteria. The Cyber Essentials Plus certification is awarded by IASME, an official Cyber Essentials accreditation body.

Some clients decide to complete the recommendations identified in our audit themselves before we submit them for the Cyber Essentials Plus certification or they submit themselves for the Cyber Essentials Standard certification. Others prefer us to make those recommendations.

Infinity Group are Cyber Essentials auditors. To find out more about the Cyber Essentials Scheme, Cyber Essentials Plus and the Cyber Essentials cost relating to both certifications, please get in touch.
