Cyber Essentials Plus is an expansion upon the “Cyber Essentials (Standard)” which includes an audit of the organisation’s IT systems.
All organisations MUST have Cyber Essentials Verified Self-Assessed certification dated within 3 months prior to applying for Cyber Essentials Plus.
Cyber Essentials Plus involves an audit of your system by one of our highly trained assessors. The aim of the assessment is to confirm that all controls that have been declared in Cyber Essentials are implemented on the organisation’s network. By undertaking and completing Cyber Essentials Plus, you can declare publicly, that your organisation has been proven to meet baseline security standards set out by Cyber Essentials.
The key elements of a Cyber Essentials Plus audit can be summarised as follows:
- An assessor will pick a sample of computers at your organisation and perform an audit to ensure that the devices are configured as per the scheme.
- A vulnerability scan will be performed on these machines to confirm patching and basic configuration are at an acceptable level
- An external port scan of your internet-facing IP addresses will be conducted to ensure no clear and obvious misconfigurations or vulnerabilities can be identified.
- A test will be conducted on your default email/internet browser to confirm how well configured they are to prevent the execution of fake malicious files.
- Screenshots will be taken as evidence that the system is Cyber Essentials compliant.
Should there be any issues identified that require remediation, there is an extended period of 30 days with this package. Failure to complete remediation at this time will result in a failure.
On successful certification of your organisation, you will be provided with a certificate that is valid for 12 months from the pass date. Optionally, you may be added to a list of Cyber Essentials certified companies, and you can henceforth advertise your organisation’s compliance with the Cyber Essentials Scheme.
The Cyber Essentials + scheme is a set of baseline technical controls produced by the UK Government and industry to help organisations, large and small, public and private, improve their defences and publicly demonstrate their commitment to cybersecurity.
The Cyber Essentials scheme addresses the most common internet-based attacks that use widely available tools and that need very little skill for the attacker to use.
The scheme helps organisations to protect the confidentiality, integrity, and availability of data stored on devices that connect to the internet.
Certified cyber security
- Reassure customers that you are working to secure your IT against cyber attacks.
- Attract new business with the promise you have cyber security measures in place.
- You have a clear picture of your organisation’s cyber security level.
- Some Government contracts require Cyber Essentials certification.