What is Cyber Essentials and how to achieve accreditation

Cyber Essentials helps you to guard your organisation against cyber attack.

including the most common cyber threats and demonstrate your commitment to cyber security. Here at the South West Cyber Resilience Centre we are big fans of Cyber Essentials. I will focus on how we achieved CE at the SWCRC in this article hoping it will help you too.

what is cyber essentials

Cyber Essentials is an effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

The vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Our advice is designed to prevent these attacks.



There are two levels of certification:


Cyber Essentials

This is self-assessed and gives you protection against a wide variety of the most common cyber attacks. This is important because vulnerability to basic attacks can mark you out as target for more in-depth unwanted attention from cyber criminals and others.

Certification gives you peace of mind that your defenses will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.


Cyber Essentials shows you how to address those basics and prevent the most common attacks.


Cyber Essentials Plus


Cyber Essentials Plus still has the Cyb


er Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but for Cyber Essentials Plus a hands-on technical verification is carried out.

The benefits of Cyber Essentials


  • Reassure customers that you are working to secure your IT against cyber attack

  • Attract new business with the promise you have cyber security measures in place

  • You have a clear picture of your organisation's cyber security level

  • Some Government contracts require Cyber Essentials certification

  • If you intend to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services

The IASME consortium can help you to get certified. There is also the Cyber Essentials readiness toolkit. Your responses to the questions in the toolkit help to create a personal action plan to help you move towards meeting the Cyber Essentials requirements. The action plan includes links to specific guidance on how to meet the requirements.



Initially we used one of our Trusted Partners C3iA Solutions Limited based in Poole in Dorset to enroll us in the program. This generated a portal through which we could go through the questions that form the assessment. You can do this at your own leisure and as many times as you need to. This allows you to research your systems, the machines you use and examine how relevant your IT policies are.


The questions we struggled to answer we spoke to our Managed Service Provider Modus (Scotland) Ltd and together we completed the assessment. This whole process took no more than four hours in total. Our initial submission was unsuccessful but with feedback from IASME and more detail added the second submission was successful and we now proudly display our IASME CE Certification.


Overall this was a really positive experience and we are reassured that we are doing as much as we can to safeguard our own systems and most importantly the data our members entrust us with.


To find out more about our free membership, please go to our website here.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South West is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South West provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the South West does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South West is not responsible for the content of external internet sites that link to this site or which are linked from it.