Launched in June 2014, Cyber Essentials was developed by Government and industry to provide businesses with clarity and guidance on good basic cyber security practice. As of October 2014, the Government has also required any organisations bidding for central government contracts which involve handling personal information and providing certain ICT products and services to be certified. Cyber Essentials comes in two flavours Basic and Plus.
Basic certification is self-assessed, organisations complete and submit the questionnaire to be audited by an independent certification Body. As part of our service, we offer an online portal for customers, enabling you to log in and complete the questions online before we review and Certification is granted.
If you are applying for the ‘Plus’ certification, then an onsite audit is required to evaluate the controls in place and their adherence to the requirements. The audit is designed to test that the required controls are in place, to test that systems and security software have been correctly configured to mitigate cyber-threats, and that the required policies are in place. An external vulnerability scan is also required as part of Cyber Essentials Plus. Upon successful completion of the audit and satisfactory vulnerability scan results, OmniCyber Security will then be able issue the customer with the Cyber Essentials Plus certification.
Cyber Essentials can be a low-cost stepping stone to other Information Security standards. Many customers have used their Cyber Essentials certification to get Information Security on board meeting agendas and use it as a springboard to ISO27001 and the PCI DSS standards.
OmniCyber Security help many customers ‘start small’ and go on to achieve certifications for other Information Security standards, making Information Security part of everyday business practice.