Aiming to make the UK one of the safest places in the world to do business online, the Government’s Cyber Security Strategy includes introducing an annual Cyber Essentials Certification which businesses, small and large, must adopt if they wish to trade with local or central Government. No Certificate, no business.
The need to be Cyber Essentials Certified is likely to trickle down as public sector suppliers ensure the people they do business with also comply. It is a simple and smart way to ensure you have done all you can to make your business secure. Ziptech’s Cyber Essentials team has put together a service which will take you painlessly through the process.
Based on the Government’s 10 Steps to Cyber Security model (you can check it out on Google), Cyber Essentials focuses on five cyber security areas which businesses ought to control in order to maintain a fundamental level of protection against cyber threat. The five control areas are covered by 34 questions which must be answered in the Cyber Essentials Questionnaire. You can obtain a foundation level Cyber Essentials certification or Cyber Essentials Plus which takes a little more time.
Although the Cyber Essentials questions are simple and reflect what seems like ’common sense’, very few companies actually maintain these 34 simple measures. They can’t be addressed by buying a new security box or piece of software, no matter how much you are prepared to spend.
Instead, most of these 34 questions can be answered positively by implementing technology you already have correctly and by putting new processes in place. Once you have adhered to the requirements you must regularly review to ensure you maintain the standards.
How To Obtain Accreditation
We have simplified the process into six steps. The first four steps detailed here will help you achieve foundation level Cyber Essentials, the first of two levels of accreditation:
Step 1: Cyber Security Review
Ziptech checks your current security levels against the 34 Cyber Essential Questions (and a wider set of requirements that are modelled on the Government’s 10 Steps). We will report back to you indicating where your security falls short and agree with you how best to close the gap.
Step 2: Remediation
Our senior engineers implement the plan. It cannot be successfully implemented by desktop engineers.
Step 3: Cyber Essentials Certification
We will review your new security levels against the 34 areas, prepare your documents and submit the questionnaire. We will liaise with the certifying body and provide clarifications on your behalf. You will then receive your foundation level Cyber Essentials certification. You can go on to achieve Cyber Essentials Plus but it requires additional administration and on-site validation by the certifying body.
Step 4: Ongoing Monthly Alignment
With a network, nothing stays the same for long – users, devices, software and configurations change and you must be in a position to renew your Cyber Essentials Accreditation annually. Ziptech gives you access to a senior consultant who is responsible for monitoring and running scheduled vulnerability tests. They will also prepare a report for your Board which demonstrates that correct IT governance is in place, having performed monthly alignment checks.
To make sure you achieve and maintain certification, we advise you to engage with Ziptech to ensure you will pass the test before you apply (numerous applications are expensive) and maintain testing throughout the year, making renewal a simple process.
Please contact Elton Tobin on 01932 233 532 for more information.