In addition to providing a sound foundation to build on, Cyber Essentials PLUS certification demonstrates to your customers, suppliers, and other parties (such as your insurers) that you have taken precautions to reduce your information security risks.
Since October 2014, Cyber Essentials has been mandatory for suppliers of government contracts that involve handling personal information and providing some ICT products and services.
The organisation self-assesses its systems by completing a questionnaire, and the responses are independently reviewed by an external certifying body.
Cyber Essentials PLUS certification can be difficult to achieve without the correct preparation.
Systems are required to be assessed by an external certifying body, using an additional set of tools and techniques to ensure that information risk management has become integral to the organisation’s approach.
The Cyber Essentials PLUS assessment ensures your organisation meets the 5 technical controls to guarantee good practice in information governance.
To help prevent unauthorised actions that exploit insecure configurations.
Boundary firewalls & internet gateways
To ensure effective perimeter protection, determining and controlling access permissions.
Restricts access to the necessary minimum of users, while managing and controlling admin rights permissions.
Hackers commonly exploit known vulnerabilities. Ensures security patches are up to date and that they are fully deployed across your organisation.
Malware protection helps to identify and prevent/remove any potential threats from malicious software.
For certification, you will be required to supply various forms of evidence to determine that your organisation meets all necessary requirements.
Comtact's Cyber Essentials PLUS readiness service prepares and advises you on the improvements required to meet the standards for Cyber Essentials PLUS certification.
To assist, we have produced a handy guide to help you complete the Cyber Essentials questionnaire.