Cyber Essentials is a Government-backed certification scheme which concentrates on five key technical controls specially designed to protect against the most common internet-based cyber security threats affecting businesses:

• Boundary firewalls and internet gateways 
• Secure configuration 
• Access control 
• Malware protection
• Security update management 

By implementing these technical controls, your organisation significantly reduces the risk of cyberattacks.

The scheme offers a cost effective self-assessment solution suitable for organisations of all sizes and the government mandates that all suppliers bidding for contracts involving sensitive information or specific technical products must hold Cyber Essentials certification.

There is also a Cyber Essentials Plus option where a qualified assessor is enlisted to thoroughly scrutinise and test the implemented controls. This higher level of assurance entails a comprehensive technical audit of the systems falling within the scope of Cyber Essentials. This includes a diverse selection of end-user devices, including BYODs (Bring Your Own Devices), all internet gateways and all servers with services accessible to unauthenticated internet users. The assessor conducts remote testing on a carefully chosen representative sample of these systems and will then make a decision on whether further testing is required.

How long is Cyber Essentials certification valid?

Cyber Essentials certification remains valid for 12 months and must be recertified annually.  The assessment provides a 'snapshot' of your organisation’s cyber security, effective only on the assessment day. Given the ever-evolving threat landscape, organisations must commit to continuously maintaining the principles of the scheme.

Upon achieving Cyber Essentials certification, UK companies with an annual turnover of less than £20m are eligible for free cyber insurance.

For further information on Cyber Essentials, please visit the National Cyber Security Centre