FAQ

Cyber Essentials is for organisations of all sizes and across all sectors. This is not just limited to companies in the private sector, but is applicable to universities, charities, public sector, government bodies and not-for-profit organisations.

The Cyber Essentials scheme provides organisations with clarity on what essential baseline IT security controls they need to have in place to reduce the risk posed by common threats on the internet. Organisations that achieve certification can demonstrate to their customers, through the Cyber Essentials badge, that they are proactively taking steps to mitigate cyber security risks

You can apply right now. Simply click here to apply and start your assessment for Cyber Essentials..

Cyber Essentials will cost €599+ VAT (other payment processing charges may be incurred). Additional charges may apply if an organisation needs assistance in completing its application or providing the evidence required to achieve certification.

Cyber Essentials Plus is more complex and involves internal and external vulnerability scanning and an on-site visit. The audit is priced on a case by case basis. Costs will depend on a number of factors including size of organisation, scope and time needed to conduct the Cyber Essentials Plus audit.

Organisations that have successfully been assessed against Cyber Essentials will receive:

• Cyber Essentials Certificate
• Marketing materials such as logos and badges
• Branding guidelines
• Inclusion in online register of certified companies (optional)
Being able to advertise that you have met the Cyber Essentials standard will give you an edge over competitors in the same market.

As a minimum, to retain certification organisations must recertify annually prior to the expiry date. The assessment process is a ‘snap shot’ in time and it can only be sure to be effective on the day of assessment, similar to an NCT on a car. Like the car will not remain roadworthy without regular maintenance between NCT inspections, the organisation must maintain and update its IT security controls over the certified period to guard against cyber attacks.

Yes, Cyber Essentials complements many other cyber and information security frameworks and certifications. You can gain certification in  other schemes such as ISO 27001, PCI DSS, SOX, SSAE, SOC ISO 20000 etc im tandem with Cyber Essentials. . Detailed examples can be seen in Annex A of the requirements document HERE.

Cyber Essentials should be seen as a first, vital step of your Cyber Risk Strategy. Its aims are to mitigate approximately 80% of known internet based attacks. Additional frameworks or standards may be needed to address other risks.

CESG (the information security arm of the UK Governments’ GCHQ) has carried out an analysis of successful cyber attacks on a wide range of organisations. This analysis has helped identify the basic technical controls which most effectively mitigate cyber attacks by unsophisticated attackers using tools that are widely available on the internet. Cyber Essentials comprises the core actions necessary to mitigate the majority of these threats. You can find out more on these five controls here.

A secure website may provide a secure link between you and your customer. Cyber Essentials aims to protect the data once it is stored within your systems.

Cyber Essentials offers a sound foundation of basic IT security controls that all types of organisations can implement and potentially build upon. Implementing these controls can significantly reduce an organisation’s vulnerability. However, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their Cyber Security Strategy.

You may need to engage with your service provider to work with you to achieve certification to Cyber Essentials.