Cyber Essentials most frequently asked questions
What is the Cyber Essentials scheme?
Cyber Essentials is a Government-backed, industry-supported certification run by the National Cyber Security Centre (NCSC). It helps businesses put basic security controls in place to fight the most common cybersecurity threats. By achieving the certification, your business shows its commitment to cyber security.
There are two types of Cyber Essentials (CE) certification: Cyber Essentials basic and Cyber Essentials Plus.
Who needs Cyber Essentials certification?
Any business that is tendering for government work is required to have the certification. By achieving Cyber Essentials, your business shows its commitment to cyber security, and your suppliers, partners and clients feel more confident in sharing data with you. If you are tendering for Government projects, you must have Cyber Essentials.
How do I get Cyber Essentials certification?
Find a Certification Body and purchase the package you are looking for. The Certification Body will then send you the Cyber Essentials Questionnaire, and you follow the process from there. You can find the list of Certification Bodies on the IASME website or simply get in touch with us. Check out the patching requirements and checklist for CE on our website.
How much does Cyber Essentials cost?
The CE basic certification costs £300 + VAT.
CE Plus costs £1,900 + VAT. CE Plus includes CE basic.
The costs are for Certification only. It will cost more if your IT systems are to be updated.
How long does Cyber Essentials certification last?
Certification is only valid for a year and needs to be renewed every year to keep the status. The process will be the same again but not as tedious as the first time as long as you are keeping up with security controls that were put in place.
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials is a self-assessment certification: you fill in a self-assessment form and the IASME Certification Body assesses the application. If all goes well, you will pass. CE Plus includes the self-assessment as well as an audit from the Certification Body. The audit includes a vulnerability scan of the systems, a malware test, a browser download test, an email test and an external scan. CE Plus is the advanced certification and is recommended.
How long does it take to get Cyber Essentials certification?
Cyber Essentials basic Certification can be achieved in a day or less. However, Cyber Essentials Plus depends on the availability of the assessor, your (client) availability and the outcome of the audit. If the audit finds gaps then you will have 30 days to fix them. If everyone is available and everything goes well then the certification can be done in a day as well.
What security controls are covered by Cyber Essentials?
The Cyber Essentials Scheme covers 5 technical controls. They are:
- Secure configuration
- User Access Controls
- Patch Management
- Malware Management
What Cyber Essentials certification should we get?
We recommend that you go for Cyber Essentials Plus. It involves an onsite visit and testing from the Certification Body and ensures that you have the required security controls in place. Although it costs more to achieve CE Plus certification, it is worth it.
Cyber Essentials Level 1 is a straightforward exercise where you answer the questionnaire from the certification body and they will evaluate your answers then perform an external scan on your IP address. If all goes well you will pass and a certificate will be issued.
In layman's terms, Cyber Essentials Level 1 is you saying you have the security controls in place, and Cyber Essentials Plus is the Certification Body testing whether what you said is right.
What is the difference between Cyber Essentials and ISO 27001?
Cyber Essentials is a framework for technical security controls focusing on IT infrastructure, whereas ISO 27001 is a risk management framework for data security and compliance wherever the data is. Which one you want to achieve really depends on your business requirements.
Hope that answers most of the frequently asked questions about Cyber Essentials. Check out our blog post ‘Everything you need to know about Cyber Essentials’ to find out more about Cyber Essentials.