Cyber Essentials is a Government-backed and industry supported scheme to guide businesses in protecting themselves against cyber threats. Certification against this scheme is increasingly required for any company bidding for government contracts and sometimes their supply chain too. In addition to this, other organisations are now starting to include Cyber Essentials certification as a requirement in their standard supplier contracts.

Last updated: 13 February 2017

In addition to helping organisations remain secure Cyber Essentials accreditation is also a useful starting point to help you become compliant with the GDPR. While Cyber Essentials does not directly address GDPR it does help provide the base framework for implementing effective information governance in an organisation.

Cyber Essentials was created in 2014. However a revised scheme was published on 6th February 2017 to help clarify the scope and to improve best practice in some areas.

There are two levels to accreditation:

• Cyber Essentials - a completed self-assessment questionnaire, signed by a board member which is then assessed, typical cost is £300-£400.
• Cyber Essentials Plus - additional on-site testing is carried out by external certifying bodies, costs vary depending on the size and complexity of an organisation.

The Cyber Essentials documents are free to download and help you prepare for accreditation.

You can start your accreditation process by contacting the Information Assurance for Small and Medium Enterprises (IASME) Consortium.

Resources

• HM Government web site describing Cyber Essentials in detail.
• Cyber Essentials preparation documents.
• Gov UK documents providing an overview of the Cyber Essentials scheme.
• Threats in scope for Cyber Essentials scheme (NCSC).
• Requirements for IT Infrastructure for Cyber Essentials scheme (NCSC).

The IASME Consortium kindly provided assistance in the creation of this web page.