Published 25 Jun 2019

CyberEssentials is a government-backed, industry-supported scheme designed to help organisations protect themselves against common cyber security threats. Compliance with the standard ensures that a set of basic technical and organisational controls is in place to help businesses strengthen their IT security.

The National Cyber Security Centre (the public face of GCHQ) was involved in the development and content of the scheme.

The CyberEssentials Scheme

There are two levels to the scheme, CyberEssentials, and CyberEssentials+.

Certification to CyberEssentials is a recognised and formal accreditation which indicates that you have the fundamentals of cybersecurity in place. It focusses on:

  • Boundary firewalls and internet gateways.
  • Secure configuration.
  • Access control.
  • Malware protection.
  • Patch management.

Certification to CyberEssentials+ further demonstrates that appropriate and robust IT governance policies and procedures are in place. The CyberEssentials+ certification process requires you to have penetration testing performed and remedial action taken on any vulnerabilities that are identified. Your system is also scanned internally to identify any vulnerabilities that can arise from unpatched or unsupported operating systems or software.

A CyberEssentials certification must be renewed annually.

The Need for CyberEssentials

As well as helping to safeguard your data from attack, a CyberEssentials accreditation is a convenient and recognised means of promoting your company’s data protection standards. CyberEssentials is becoming the de facto minimum standard in many industry sectors.

  • Since April 2018, the NHS Trust Wales requires healthcare organisations and partners to achieve CyberEssentials+.
  • CyberEssentials is also mandatory for businesses intending to tender for any MOD or government department contract, and for those in the supply chain of any business that is tendering for or has secured such a contract.
  • CyberEssentials is now also a requirement for any legal practice that wishes to obtain the Law Society Lexcel accreditation.
  • There is no certification for GDPR. Data controllers are looking for other reassurances that a potential data processor is trustworthy and safe to work with. A CyberEssentials certification will provide some of that reassurance.
  • The CyberEssentials certification includes cyber security insurance providing cover to a maximum of £25,000 for costs to engage Legal, IT Forensics, Data Restoration, Reputational Protection, Notification costs and Credit and ID Monitoring services following an actual or suspected breach of personal or corporate information, or an IT security or system failure.

We Can Work With You to Obtain Your Accreditation

Pro-Networks will work with you to obtain your CyberEssentials certification, at either the CyberEssentials or CyberEssentials+ standards. We control and manage the process for you end-to-end and we’ll explain every step of the way in plain English.

We've been through it ourselves and have helped many customers achieve certification.

Contact us and discuss your requirements, and we'll start the ball rolling towards your accreditation.
