Supported by industry and backed by the Government’s National Cyber Security Centre (a part of GCHQ), Cyber Essentials is designed to help organisations of all sizes guard against the most common cyber threats and demonstrate a commitment to cyber security. The scheme focuses on five essential technical controls:
- Secure your Internet connection
- Secure your devices and software
- Control access to your data and services
- Protect from viruses and other malware
- Keep your devices and software up to date
It is designed to be a baseline for cyber security and to help reassure customers that the organisation being assessed is effectively addressing cyber security risks. Cyber Essentials certification demonstrates that you have carried out basic steps towards protecting your organisation from cyber attacks, which is important from a GDPR perspective. The UK’s GDPR Supervisory Authority (the Information Commissioner’s Office) includes Cyber Essentials on its GDPR security checklist.
Cyber Essentials – achieved after a self-assessment questionnaire is completed and sent for review. The Certification Body will assess the questionnaire to verify that the controls have been met.
Cyber Essentials Plus – the protections you need to have in place are the same, but your cyber security is verified independently by a Certification Body.