Cyber Essentials is a UK government-backed scheme to help prepare organisations against common internet-based cyber threats, providing a sound foundation of good practice in information security - your ‘cyber essentials.’

Reasons for Cyber Essentials certification.

In addition to providing a sound foundation to build on, Cyber Essentials certification demonstrates to your customers, suppliers, and other parties (such as your insurers) that you have taken precautions to reduce your information security risks.

Since October 2014, Cyber Essentials has been mandatory for suppliers of government contracts that involve handling personal information and providing some ICT products and services.

Cyber Essentials

The organisation self-assesses its systems by completing a questionnaire, and the responses are independently reviewed by an external certifying body.

Annual re-certification is required.

Cyber Essentials Plus

Covers the same requirements as Cyber Essentials.

However, the systems are assessed by an external certifying body, using an additional set of tools and techniques to ensure that information risk management has become integral to the organisation’s approach.

Annual re-certification is required.

What are the requirements?

The Cyber Essentials assessment ensures your organisation meets the 5 technical controls to guarantee good practice in information governance.

Secure configuration

To help prevent unauthorised actions that exploit insecure configurations.

Boundary firewalls & internet gateways

To ensure effective perimeter protection, determining and controlling access permissions.

Access controls

Restricts access to the necessary minimum of users, while managing and controlling admin rights permissions.

Patch management

Hackers commonly exploit known vulnerabilities. Patch management ensures security patches are up to date and that they are fully deployed across your organisation.

Malware protection

Malware protection helps to identify and prevent/remove any potential threats from malicious software.

For certification, you may be required to supply various forms of evidence to determine that your organisation meets all necessary requirements.

How can Comtact help?

Comtact’s vulnerability scan uses a suite of tools to provide a technical assessment of your IT estate, highlighting your exposure to known vulnerabilities such as ransomware and other malware.

We will then advise on the steps required to meet the criteria for Cyber Essentials certification. To assist, we have produced a handy guide to help you complete the Cyber Essentials assessment.
