Cyber Essentials - What you need to know

What is Cyber Essentials?

Cyber Essentials (CE) is a government-backed cyber security certification scheme that was introduced in 2014 by the National Cyber Security Centre (NCSC). In January 2023, a further update of the scheme was announced to ensure continual relevance as the cyber threat landscape evolves.

It’s an accredited programme designed to mitigate over 80% of threats. Certified companies enjoy peace of mind and are able prove to customers that their operations are trustworthy and secure.

The NCSC (part of GCHQ) introduced the Cyber Essentials scheme to make the UK and Crown Dependencies highly secure locations for digital business through affordable cyber protection. IASME is the designated certification partner, and the process focuses on five technical controls that guard against the most common types of cyber threat.

Do I need ANOTHER certification?

When looking for a potential supplier, diligent decision makers investigate the credentials of prospective organisations, and certification to Cyber Essentials is fast becoming a minimum requirement - indeed many public sector bodies will only deal with companies that are CE accredited. At a time when cybercrime is at epidemic proportions, we all prefer to deal with companies that take security seriously.

Cyber Essentials Basic: is the base level online process that’s checked by experts at IASME to determine alignment with the standard. It provides certified protection against a wide variety of cyber threats, and reduces the risk of a damaging cyber-attack.

Cyber Essentials Plus: provides the same approach and protection with an additional hands-on technical verification that involves an in-depth vulnerability scan and analysis of the organisation’s systems by a qualified assessor, who then personally verifies the business is compliant.

Cyber Essentials certification enables organisations to:  

• Reassure customers that systems are protected against attacks from cyber-space.
• Attract new business with assurances that cyber security measures are in place.
• Provide clear evidence of the organisation’s cyber security protection level.
• Widen sales opportunities as customers increasingly require CE certification.

Simplifying the Red Tape process

Working with a security partner to guide you through the process at every step of the way is a recommended course of action for organisations needing speedy, and assured certification.

Many small and medium sized businesses struggle with the accreditation detail required and some questions can be difficult to understand without detailed technical knowledge of the systems. Remedial action may be required to gain certification, and support from experts also serves as a security audit for on-going protection and assurance.

Platform for on-going security

CE certification is a tried and tested ‘building block’ process for the on-going war against ever more sophisticated cybercrime. Having a level of protection that meets certified Government guidelines provides peace of mind and proof that you’re doing everything required to protect your systems and data - demonstrating to customers that you take security seriously.