Cyber Essentials Certification
The Cyber Essentials Scheme has been developed by the UK Government and industry to lay out the fundamental technical security controls that an organisation should have in place to defend against Internet-based threats.
Organisations can demonstrate that they have taken steps to protect their own and their clients’ data from cyber-attacks by obtaining a Cyber Essentials certification.
The scheme was launched in late 2014 and quickly adopted, with many UK Government supply chains requiring their suppliers to be certified. The requirement for Cyber Essentials is increasingly being seen in tender documents.
Cyber Essentials was born out of the UK Government’s National Cyber Security Strategy aim of making the UK a safer place to do business. The scheme is based on NCSC’s ‘10 steps to Cyber Security’ Guidance but also incorporates guidance from other key standards and bodies, including ISO 27001, IASME (Information Assurance for SMEs) and the BSI (British Standards Institute). It has been developed with technical input from industry bodies such as CREST. The scheme aims to develop a baseline standard of security accessible to companies of all sizes.
Cyber Essentials focusses on the following core areas:
- Boundary firewalls and Internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Certification has two levels, Cyber Essentials and Cyber Essentials Plus. Your organisation can choose the level you wish to certify against.
Cyber Essentials – This introductory level of certification is based on a self-assessment questionnaire that will be validated by an external assessor.
Cyber Essentials Plus – This is a more detailed assessment where the external assessor will verify the self-assessment questionnaire with an on-site check and vulnerability assessment.
Our View of Cyber Essentials
EJC believe that Cyber Essentials does provide a useful standard for organisations of all sizes to meet. The requirements are real-world, common-sense recommendations that all businesses should adopt as they would improve security and reduce risk.
Many of the requirements on organisations are already part of EJC standard operating procedures, including when we install new computers, firewalls, servers or users. However, some may require tighter control of your infrastructure, more management oversight or a more formal approach to key processes.
We recommend that organisations wanting to achieve the standard apply for Cyber Essentials Certification and then, if wanted, progress to the more rigorous and costly Plus certification.
Our Approach to Certification
EJC have selected 7 Elements, an independent technical information assurance consultancy, as our preferred assessor for clients wanting to achieve Cyber Essentials certification. We selected 7 Elements because they are committed to organisations achieving the standard and working with EJC so that we can address identified gaps. You can view their website here: https://www.7elements.co.uk/services/cyber-essentials/
Cyber Essentials is the introductory level of certification and is based on self-assessment. As your IT partner, we have the best knowledge about your environment and can complete the certification process quickly and efficiently.
EJC understand the issues that we face as lawyers and offer proven real world solutions. I have been impressed with their professionalism, honesty and most of all their commitment to achieve the best result for their clients. I have no hesitation to recommend EJC as a strong IT partner for legal businesses.
EJC have helped us meet the challenges that we face as a growing professional service firm. Our firm relies on the consistent performance and availability of key systems so that our fee earners can be as productive as possible. Therefore we need to work with an IT partner like EJC, who can engage directly with our suppliers. I highly recommend EJC as a trusted IT partner for professional service firms.
The Anslow Partnership
Druces was experiencing recurring performance issues and service interruptions with its [hosted] systems. We asked EJC to conduct a detailed audit to allow us to identify where the issues were occurring and who we needed to work with to resolve them. Their approach was expert, professional and thorough. The insight it gave Druces allowed us to plan and act with confidence. I would recommend EJC to law firms looking to improve their technology service, delivery and benefits.
The quality of IT is vital to Fisher Meredith’s success and the Infrastructure Assessment by EJC has given the firm a clear roadmap and budget to deliver a secure platform that will support our continued growth…. Since we began working with EJC, they have delivered real improvements to the reliability and performance of our systems. Critically, they work successfully with our internal team, providing expertise and resource that extends and complements our own capabilities.
EJC work with a number of our clients and in my dealings with them I have always found them to be knowledgeable and to offer straightforward advice. I would recommend EJC to anyone that is looking for a professional organisation to help them get the most out of their IT.