Distology Cyber Essentials Campaign FAQs

 

What is the certification?

Cyber Essentials represents the government’s minimum baseline standard for Cyber Security in the UK.
There are two levels to Cyber Essentials:

• Cyber Essentials Plus starts with the Cyber Essentials verified self-assessment questionnaire but also includes a technical audit of the organisation’s systems to verify that the Cyber Essentials controls are in place. The audit includes an internal and external vulnerability scan and then focuses on a random selection of user devices, all internet gateways and all servers which are accessible to internet users. The assessor will test a random sample of these systems (typically around 10 per cent) and then decide whether further testing is needed
• The controls for Cyber Essentials and Cyber Essentials Plus are the same, but the level of assurance is different. Cyber Essentials Plus offers a higher level of assurance as the controls have been checked by a third party to ensure they are correctly implemented

 

Who needs to be certified?

Anyone bidding for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services will require Cyber Essentials Certification. More information is available on the gov.uk website.

 

When do companies need to be certified?

Companies need to renew their certificates annually as they expire after twelve months. Cyber Essentials will remove companies from their certified organisation list if they are not certified within twelve months of their last certificate.

The government made significant updates to the technical requirements of Cyber Essentials in January 2022. One of the most important of those was to ensure end users have MFA in place, this will be marked for compliance from January 2023. More information can be found here: The January changes to the Cyber Essentials scheme reflect the changing cyber threats in today’s digital environment – Iasme

 

How do organisations get certified?

• Cyber Essentials is a verified self-assessment which costs between £300 and £500 PA depending on the size of the organisation
• In order to be Cyber Essentials Plus certified, organisations must be verified by one of a number of certification bodies that are trained and licensed to do the Cyber Essentials Plus audit for you. The cost will depend on the size and complexity of your network. More info: Cyber Essentials Plus Get a Quote – Iasme

 

Why should organisations care about this certification?

• Reassure customers that you are working to secure your IT against cyber attack
• Attract new business with the assurance you have cybersecurity measures in place
• Create a clear picture of your organisation’s cybersecurity level
• Qualify to bid for select government contracts