Cyber Essentials

Effortless and Affordable Cyber Essentials Compliance

Get in Touch

Whether you aim to distinguish your organisation in a competitive market, strengthen security, or cultivate trust among your stakeholders, Cyber Essentials forms the cornerstone of your journey. It’s not a single endeavour but a continuous pledge to safeguard against the ever-evolving realm of cyber threats.

Cyber Essentials

Cyber Essentials is a UK government scheme which demonstrates your commitment to cyber security and helps you to guard against up to 80% of IT security breaches.

In order to bid for central government contracts that involve handling sensitive and personal information or the provision of certain technical products and services, Cyber Essentials certification has been mandatory since 1 October 2014.

Cyber Essentials PLUS

Cyber Essentials PLUS is the same as the basic Cyber Essentials Assessment with the addition of a series of on-site technical assessments. The on-site technical assessments are used to verify your answers and ensure you are protected against various attack scenarios.

This extra stage of independent testing gives you even greater peace of mind that your security reaches a certain standard and is particularly recommended for organisations holding confidential information.

Daisy works in partnership with the National Cyber Security Centre (NCSC) and Information Assurance for Small Medium Enterprises (IASME), providing consultancy and certification for both Cyber Essentials (Part 1) and Cyber Essentials Plus (Part 2) accreditation.

The Five Key Controls of Cyber Essentials

In a landscape where more than 80% of UK businesses face preventable security threats, the Cyber Essentials framework stands as a robust security foundation applicable to businesses across all industries. Aligning with five core technical controls, obtaining Cyber Essentials certification is a straightforward endeavour. These controls encompass:

Malware Protection

Safeguard your systems from viruses and other malicious software by employing well-configured anti-malware solutions and permitting only trusted applications.

Secure Configuration

Opt for the most secure configurations for your devices and software by updating passwords and eliminating unused accounts and software.

Access Control

Manage access to administrator accounts to regulate which individuals can reach your data and services.

Patch Management

Safeguard against potential weaknesses by ensuring your devices and applications remain current and updated.

Firewalls and Internet Gateways

Create a protective boundary between your IT network and external networks to assess whether incoming traffic should be permitted on your network.

Assessing your security

The basic assessment comprises a vulnerability scan and a self-assessment questionnaire, which aim to assess the effectiveness of currently deployed security measures.

The self-assessment questionnaire serves two purposes; to gain technical scoping information and to assess the effectiveness of your current security controls.

How to Obtain Cyber Essentials Certification

Whether you’re embarking on the journey to fortify your security from the ground up or considering a renewal of your Cyber Essentials certification, we’ve got you covered. The simplest and most efficient route to Cyber Essentials certification involves consultant-led compliance support. Offering remote guidance, personalised policy documentation, and complimentary retesting, achieving Cyber Essentials certification has never been more accessible.

Daisy works in partnership with the NCSC and IASME, providing consultancy and certification for both Cyber Essentials (Part 1) and Cyber Essentials Plus (Part 2) accreditation.

Daisy is IASME accredited

IASME consortium Cyber Essentials Cyber Essentials Plus

FAQs

Cyber Essentials PLUS includes exactly the same essential requirements as the ‘basic’ Cyber Essentials assessment, with the addition of a more rigorous on-site testing, to verify your answers to the questionnaire and ensure you are protected against various attack scenarios. This extra stage of independent testing gives you even greater peace of mind that your security fully meets the requirements, and further emphasises your commitment to cyber security. Since April 2020 Cyber Essentials is now a prerequisite for Cyber Essentials PLUS.
While Cyber Essentials and Cyber Essentials PLUS are suitable for organisations of all sizes, for particularly large organisations or those holding especially high-risk information, it must be emphasised that they should only be one part of a much larger cyber security programme. In these instances, we recommend Cyber Essentials PLUS as a more in-depth form of testing to complement your existing security measures.

Certification to Cyber Essentials is mandatory for Central Government organisations whose services involve the handling of personal information, as well as the provision of some IT services.

If your organisation fails a Cyber Essentials assessment, a retest can be carried out once you have remediated the issues found. Retesting can be included as part of the initial engagement or scoped separately, however, the delay between the original assessment and retest should not exceed thirty days. In order to provide a passing result, you need to be able to demonstrate that you haven’t just fixed a problem to get through the assessment. This isn’t designed to be a ‘tick-box’ exercise, and the solution should be tailored to benefit your organisation.
Whilst it is your responsibility to determine which of your systems are in-scope, you should ensure you include all Internet connected end-user devices (desktop PCs, laptops, tablets and smartphones) and Internet connected systems (e.g. email, web and application servers). If you are struggling to identify your scope, we provide the option of an on-site pre-assessment day to guide you through the process.
Certification to other standards, for example ISO 27001, does not reduce the CE/CE+ assessment requirements.
The principles of Cyber Essentials are the basics of any security programme. Therefore, we highly recommend that organisations maintain the scheme on an ongoing basis. We also recommend scheduling annual reassessments, to ensure that your protection remains in line with the requirements of the standard, to better protect your organisation against the ever-growing number of cyber security threats.