A first step towards getting your company on the Cyber security roadmap would be to complete a Cyber Essentials course, leading to your company being certified.
Launched in June 2014, Cyber Essentials was developed by Government and industry to provide businesses with clarity and guidance on good basic cyber security practice. As of October 2014, the Government has also required any organisations bidding for central government contracts which involve handling personal information and providing certain ICT products and services to be certified
Attaining certification under Cyber Essentials demonstrates to your customers and partner that your company takes seriously the subject of cyber security in accordance with the UK's National Cyber Security guidelines.
Cyber Essentials is available at a Basic and Plus Level, which is described in detail below.
Basic certification is self-assessed. As part of our service, we offer an online portal for customers, enabling you to log in and complete the questions online before we review and certify your company. Once you qualify you will be able to used the Cyber Essentials branding on your literature and website.
The cost for this service is standardised at £300 exc VAT per annum
If you are applying for the ‘Plus’ certification, then an onsite audit is required to evaluate the controls in place and their adherence to the requirements. The audit is designed to test that the required controls are in place, to test that systems and security software have been correctly configured to mitigate cyber-threats, and that the required policies are in place. An external vulnerability scan is also required as part of Cyber Essentials Plus. Upon successful completion of the audit and satisfactory vulnerability scan results, OmniCyber Security will then be able issue the customer with the Cyber Essentials Plus certification.
Cyber Essentials can be a low-cost stepping stone to other Information Security standards. Many customers have used their Cyber Essentials certification to get Information Security on board meeting agendas and use it as a springboard to ISO27001 and the PCI DSS standards.
OmniCyber Security help many customers ‘start small’ and go on to achieve certifications for other Information Security standards, making Information Security part of everyday business practice.