Achieving HM Cyber Essentials through Self-Assessment – Part 1

Part 1 – The Cyber Essential Levels

Cyber crime continues to pose a valid and growing threat for every business, large or small.

In direct response to this threat, the UK HM Government began working with IASME (the Information Assurance for Small and Medium Enterprises consortium) and the ISF (the Information Security Forum) in June 2014 to develop “Cyber Essentials”, technical controls to be used by organisations to mitigate the risks associated with common Internet-based threats.

Most risk management business leaders agree. According to Willy Stoessel, Director of The Swiss Re Group, a Zurich-based risk-management insurance group, “The Cyber Essentials Scheme will positively impact the wider UK economy by raising the bar for opportunist attackers.”

Cyber Essentials will also be invaluable in helping to bring UK businesses in line with the cyber security compliance requirements of the upcoming GDPR, which will apply to the UK from 25th May 2018.

 

The Two Levels

The full Cyber Essentials scheme enables organisations to gain one of two levels of certification. By creating two options, organisations have a choice over the cost and level of their assurance.

 

Cyber Essentials (Level 1)

This level requires the organisation to complete a self-assessment questionnaire.

Once completed, the responses are then independently reviewed by an external certifying body.

Cyber Essentials PLUS (Level 2)

In addition to the requirements of Level 1, this level also requires that the organisation’s systems are tested using a range of tools and techniques.

While larger businesses may have the resources to effectively handle the majority of criminal activities over the Internet, smaller businesses can be at a disadvantage because of their more limited resources. Level 1 allows smaller firms in particular to protect themselves adequately while Level 2 adds additional testing procedures.

 

Both Cyber Essentials documents are free to download, and any organisation can put them into place immediately. However, once the organisation is certified, the business can display the Cyber Essentials badge, which gives customers, clients, partners, and other interested parties independent assurance that the organisation has the proper protections in place and takes cyber security seriously. This not only boosts the organisation’s reputation but also provides a competitive selling point by showing that there has been independent assurance that the protections are correctly in place.

 

Stage Definitions

Stage 1 – Cyber Essentials (self-assessment)

Stage 2 – Cyber Essentials (independently tested)

Cyber Essentials Plus offers a somewhat higher level of assurance by utilising an independent testing regime.

Organisations must re-certify once each year, or more frequently when required to meet specific customer or procurement requirements.

 
