Cyber Essentials is a cyber security certification scheme that is prominent in the United Kingdom. It was developed by the UK Government as part of its National Cyber Security Strategy to make the country a safer place to do business online
The scheme helps organisations take the initial steps towards protecting themselves from online cyber criminals. It measures an organisation against five key security controls – which when met, give an organisation confidence that it’s protected against the most common cyber threats.
Therefore, a Cyber Essentials certified organisation can be assured that it’s successfully taken the initial steps towards establishing a good level of cyber security hygiene – while communicating this assurance to its customers and stakeholders with a Government-endorsed standard.
As of October 2014 – Cyber Essentials is mandatory for suppliers of Government contracts that involve handling personal information and delivering certain ICT products and services.
Why was Cyber Essentials introduced?
Cyber-attacks on businesses’ sensitive assets are commonplace. Successful attacks often cost organisations thousands of pounds and cause long periods of disruption. In response – the UK Government has made making the country a safer place to conduct online business a primary objective of its National Cyber Security Strategy.
Considering that most cyber-attacks exploit the basic vulnerabilities in an organisation’s IT systems and software – the Cyber Essentials scheme was designed to show organisations how to address these weaknesses and protect against the most common attacks.
The scheme was also introduced to help organisations avoid being fined or prosecuted due to unwittingly breaching the Data Protection Act as a result of losing data during an attack .
The UK Government appointed APMG International as one of the accreditation bodies to deliver the Cyber Essentials scheme.
Why should an organisation get Cyber Essentials certified?
Cyber Essentials highlights some of the most fundamental technical security controls that an organisation should have in place to secure itself against internet based security threats. Getting certified enables organisations to be better prepared against the vast majority of cyber threats and inspire confidence in those that do business with them.
The UK Government encourages all the countries’ businesses to protect themselves – Cyber Essentials is therefore a straightforward and cost-effective cyber security solution.
Certified organisations are awarded a Cyber Essentials badge – communicating that they take the issue of data protection seriously and enabling them to bid for certain government contracts.
What’s APMG’s role?
APMG is a UK Government appointed accreditation body for the Cyber Essentials scheme. APMG appoints certification bodies which assess organisations applying for the Cyber Essentials certificate. Certification Bodies are assessed in alignment with APMG’s renowned quality standards – so that Cyber Essentials applicants can trust in the competence of their chosen assessor.
How does an organisation get Cyber Essentials certified?
The process is straightforward. APMG’s Cyber Essentials service is unique in that the process is housed in an online portal. Applying organisations simply complete the self-assessment questionnaire and choose one of APMG’s trusted certification bodies to assess it. APMG hosts an organisation’s certificate and sends their Cyber Essentials digital badge.
For full details on Cyber Essentials and the application process – visit APMG’s website.
Author - Matt Brewitt
Originally published 27 February 2017