Cyber Essentials – CE/CE Plus
Cyber Essentials is a Government-backed scheme, led by the National Cyber Security Centre (NCSC), to help organisations protect themselves against common online threats.
What Are The Cyber Essentials Schemes?
Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. The scheme was developed by the National Cyber Security Centre (NCSC) and launched in 2014.
Cyber Essentials provides a clear set of controls to implement which will provide protection against 80% of the most common cyber breaches. Its objectives outline the basic security controls with organisations to mitigate common cyber security risks.
Cyber Essentials is suitable for all organisations, irrespective of size or market sector.
IAASME is the accreditation body for all Cyber Essentials certifications.
Our team at CyberWhite provide specialised packages, working directly with you to deliver detailed security guidance whilst preparing your workforce through education and awareness to meet the standard and the certification.
The CyberWhite Approach: Assisted Cyber Essentials / Cyber Essentials+
The CyberWhite team work directly with you to achieve the Cyber Essentials or Cyber Essentials Plus certification by providing tailored support and helpful guidance throughout the process.
As part of this service, you will receive:
Our approach ensures that you only need to go through the process once.
Why Should I Become Cyber Essentials Certified?
Cyber Essentials Basic and Cyber Essentials Plus is mandatory for organisations looking for certain government contracts. Without the certification, you may not be able to bid for these contracts.
The UK Ministry of Defence (MOD) requires all its suppliers to comply with the Cyber Essentials Basic and Plus schemes. This means that all organisations directly conducting business with the MOD, or organisations delivering to the MOD supply chain require Cyber Essentials.
Being certified to Cyber Essentials demonstrates to your employees, clients, suppliers, stakeholders and industry partners that your organisation holds itself to a high standard of cyber security, and that you maintain a strict stance on cyber security in accordance with the UK’s National Cyber Security Programme.
Once certified, your certification is valid for one year.
Upon becoming Cyber Essentials certified, organisations with a turnover of less than £20m automatically receive cyber insurance cover of £25,000.
Suffered A Security Breach?
Recent government figures suggest that up to 88% of UK organisations have suffered a security breach within the last 2 years with the average cost to a small company of £16,100. Larger organisations’ costs were significantly higher.
Frequently Asked Questions
Cyber Essentials is a foundation-level certification designed to provide a statement of the basic controls your organisation should have in place to mitigate the risk from common cyber threats.
Certification is achieved through a self-assessment questionnaire that is independently marked and your answers are compared with best practices.
Once you achieve Cyber Essentials, you have three months to apply for Cyber Essentials Plus. If you wish to apply for Cyber Essentials Plus after three months, then you must resubmit your Cyber Essentials application.
Once you achieve certification, it remains valid for one year.
Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme and an expansion of the Cyber Essentials basic certification.
This is a more rigorous test of your organisation’s cyber security systems.
Our cyber security experts carry out a vulnerability scan against your internal networks (within the scope of your application) to make sure that your organisation is protected against basic hacking and phishing attacks and that the statements made in your Cyber Essentials basic questionnaire are correct.
Our assessor will select a random sample of devices to ensure that they are configured according to the scheme.
The selected devices will be subject to a vulnerability scan to assess patch levels and configurations.
The assessment will also include a scan of your internet facing IP addresses external ports and your email and internet browser settings will also be reviewed.
Once you achieve Cyber Essentials Plus certification, it remains valid for one year.
The team at CyberWhite will be in contact 2 months before your re-certification is due.
This means that you don’t have to worry about your certification lapsing and we will have plenty of time to prepare you for a successful re-certification.
Please complete the form below to find out more.
What Our Clients Say
“CyberWhite have been a pleasure to deal with by repeatedly demonstrating their professionalism and technical knowledge throughout the procurement process and execution of our project. From initially exploring our goals to a consultant working with us on-site and remotely, we’ve enjoyed a positive experience that has ultimately benefited our organisation and helped to improve our Cyber Security posture.”
“I would like to say a thousand “thank you’s” to CyberWhite after rescuing us from the commercial disaster we faced after being subjected to a very sophisticated fraud. Without the timely involvement and expertise from CyberWhite, we would undoubtedly have faced catastrophic consequences including a significant financial loss and possibly a forced closure of the business. We will always remember the kindness and professional approach taken by the CyberWhite team. They were able to successfully recover the critical data which was the life blood of our business. This expertise has allowed us to continue trading and provided us with the additional benefits of ensuring that we are more cyber risk aware and we now have a security partner to support us.”
“As an Operator of Essential Services, PX Group comply with advice provided by recognised security bodies such as NCSC. The advice is relevant to all organisations who provide infrastructure or support to the UK’s critical national infrastructure. PX Group engaged CyberWhite to undertake Third Party Security Audits (aligned to ISO28000:2007) against key suppliers who had access to information assets within the PX Group domain. CyberWhite created a comprehensive audit document set and supported this with interviews and visits in order to validate responses. The output from CyberWhite was comprehensive and provided security assurance to PX Groups stakeholders and interested parties that the key suppliers had a focus on security and understood and could demonstrate best practices in relation to the handling of PX Groups information assets. This process has been invaluable in validating what we believed and providing a platform from which we will continue to assess, review and benchmark all parties in our information supply chain.”
