At Cultrix, we recommend Cyber Essentials accreditation for any business wanting to improve the safety and security of their IT infrastructure. Want to know what’s involved? Here are your basic questions about Cyber Essentials answered.
What is Cyber Essentials?
Cyber Essentials is a government-backed, industry-supported and recognised scheme to help businesses and organisations of any size and type protect themselves against a whole range of common online threats.
By going through the Cyber Essentials scheme, your business or organisation achieves Cyber Essentials accreditation.
How do I get Cyber Essentials accreditation?
It depends on what level of Cyber Essentials you want to achieve. It’s a simple structure of two levels:
- Cyber Essentials, which is a self-assessment process, where you self-certify after going through the necessary questionnaire and submitting your response, which a qualified assessor verifies
- Cyber Essentials Plus, which involves a qualified assessor attending your premises onsite to go through the questionnaire process in person
Can we go straight for Cyber Essentials Plus?
No. Before you can apply to be Cyber Essentials Plus certified, you must pass the Cyber Essentials basic level first. You must also complete Cyber Essential Plus within three months of achieving Cyber Essentials.
What’s the process for basic Cyber Essentials certification?
You go through a self-assessment questionnaire, via an online portal. Once you submit your application, the system notifies you if you’ve passed or not. If you don’t pass and there are gaps identified, you have three days to address these and submit the application again. There is no extra payment for this second application. But if you don’t pass again, you have to make a fresh application and payment.
What does Cyber Essentials Plus ask for?
There are five technical areas of the questionnaire and assessment that look at five different aspects of your IT infrastructure:
- Firewalls
- Secure configuration
- User access controls
- Patch management
- Malware management
Will the assessor look at every single aspect of our IT?
It depends on the size of your organisation. The assessor will usually choose a representative selection of user devices, internet gateways and servers with services accessible to unauthenticated internet users, of approximately 10%. Depending on the results obtained, they will conduct further tests.
How long does Cyber Essentials Plus certification last?
You will need to renew your certificate annually. Companies that do not renew their certificate annually are removed from the list of accredited companies.
Who can help with Cyber Essentials and Cyber Essentials Plus?
Once you decide you want to proceed with Cyber Essentials you will need to engage the help of your IT department, or IT support.
Cultrix, as IT support providers, support businesses and organisation with the questionnaire and audit procedure of Cyber Essentials certification.
In fact, all Cultrix IT support customers comply with and have the technical elements of Cyber Essentials already in place as part of our own Cultrix Essentials Vulnerability Audit.
Read more about why we always recommend Cyber Essentials.
What’s next?
Get in touch with the Cyber Essentials experts at Cultrix, who will guide you through.
And, you can check out the IASME free download of verified questions, to help you get started and prepared.
< Read more articles on our IT Academy
Business services like IT support, when they work properly, are a true partner to business. Here’s what it’s like when your IT support is a true partner.
If it can happen to McAfee, UNICEF and eBay…
It’s a wake-up call for brands – the SubdoMailing attack sees 8000 household names’ domains hijacked and exploited. Here’s why and how to protect your brand.