Discover your certification today Browse
Open page navigation
Cyber Security

Cyber Essentials is a certification scheme developed by the UK Government, offered within APMG’s extensive cyber security portfolio.

Is Cyber Essentials mandatory for my organization?

Cyber Essentials is a certification scheme developed by the UK Government, offered within APMG’s cyber security portfolio. For those of you unfamiliar with the scheme – Cyber Essentials provides a set of requirements for businesses, large or small to measure their cyber security systems against.

Satisfying these requirements means the organization can be confident it’s compliant with basic cyber security best practice – displaying the cyber essentials badge channels that confidence to its customers as well.

Crucially on 1 October 2014 Cyber Essentials was made mandatory for organizations looking to secure government contracts which concern handling personal information and delivering certain ICT products and services.

It is now mandated that suppliers can prove they meet the technical requirements defined in Cyber Essentials when bidding for contracts featuring the characteristics highlighted in the Government’s procurement policy:

  • Where personal information of citizens such as home addresses, bank details, or payment information is handled by a supplier.
  • Where personal information of Government employees, Ministers and Special advisors such as payroll, travel booking or expenses information is handled by a supplier.
  • Where ICT systems and services are supplied which are designed to store, or process, data at the official level of the Government Protective Marking scheme.

The mandate is part of the UK Government’s strategy to reduce the vulnerability of UK businesses and bolster the country’s defences against the prevalent threat of cyber-crime.

Minister for Cabinet Office, Francis Maude said, “It’s vital that we take the steps to reduce the levels of cyber security risk in our supply chain. Cyber Essentials provides a cost-effective foundation of basic measures that can defend against the increasing threat of cyber-attack. Businesses can demonstrate that they take this issue seriously and that they have met government requirements to respond to the threat.”


Francis Maude with APMG CEO, Richard Pharro at DSEI


Ministry of Defence announces Cyber Essentials is mandatory for its suppliers

In further news – the Ministry of Defence announced that as of 1 January 2016 all suppliers to the MOD are also required to comply with the Cyber Essentials scheme. The MOD stated that, “the requirement must be flowed down the supply chain.” So while organizations in direct business with the MOD must be Cyber Essentials certified – it’s mandatory for the other organizations in the supply chain too.

Get Cyber Essentials certified with an APMG Certification Body

APMG appoints its trusted certification bodies to carry out assessments and award the Cyber Essentials badge. APMG currently offers both Cyber Essentials and Cyber Essentials Plus. Getting certified is a straightforward process and APMG’s certification bodies have been rigorously assessed to ensure you’re in safe, expert hands.

You’ll be able to find out more information and contact our certification bodies here.

Author Matt Brewitt – Originall posted January 18, 2016


Person stood on a cliff edge looking upon clouds rolling through mountains

The Cloud Industry Forum (CIF) Code of Practice

Ensure your cloud services are a beauty to behold

View more
Man with a head torch shining light into the sky

GCHQ Certified Training (GCT)

Leading the search for exceptional cyber security training courses

View more
Impressive hawk

CDCAT® - Transform your approach to Cyber Security

Total strategic overview is a formidable advantage

View more