Cyber Essentials Scheme

Since 1 October 2014, Cyber Essentials became a minimum requirement for SMEs bidding for some government contracts, or to join the government’s contract supply chain.

The UK Government sponsored Cyber Essentials Scheme aims to help organisations of all sizes implement basic levels of protection against cyber attack. Allowing them to demonstrate to their customers that they take cyber security seriously.

The scheme is available at two levels:

Cyber Essentials

An independently verified self assessment. Organisations assess themselves against five basic security controls, signed off at senior management level, and a qualified assessor verifies the information provided.

Cyber Essentials PLUS

A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking and phishing attacks. Gaining this verification provides your customers with a higher level of assurance.

What areas does Cyber Essentials look at?

There are 5 areas, or controls, covered by Cyber Essentials assessment:

Boundary firewalls and Internet gateways;

Secure configuration;

User access control;

Malware protection;

Patch management.

When properly implemented, these controls will help to protect your data against hackers using common security exploits.

Organisations that undertake Cyber Essentials are encouraged to recertify at least once a year and, where appropriate, progress their security.