SureCloud has transitioned to become an IASME-accredited Cyber Essentials certifying body, demonstrating that we can continue to assess these critical cybersecurity controls under government changes to the scheme.
What is Cyber Essentials?
“Cyber Essentials is a simple but effective, Government–backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.” – NSCS
Under IASME, SureCloud can help your organisation prove to the world that you have the capability and maturity to defend against cyber–attacks.
Why get Cyber Essentials PLUS?
Cyber Essentials PLUS is a great way for organisations to prove that they follow cybersecurity best practices and can be trusted to keep data safe. The Cyber Essentials controls are prescriptive, which means that your customers and partners can be sure a good minimum standard is being met. Furthermore, the PLUS certification requires the controls to be verified by an accredited body like us and will provide a high level of confidence that a robust security posture is being attained.
99% of cyber-attacks at least partially mitigated by Cyber Essentials controls
Whilst the Cyber Essentials controls are not designed to cover all of the areas you would usually see in an ISMS (Information Security Management System), they have been carefully chosen by the NCSC to defend against commodity threats, and therefore prevent the vast majority of attacks. In fact, research by Lancaster University showed that more than 99% of attacks were at least partially mitigated by Cyber Essentials controls.
A prescriptive standard
Cyber Essentials PLUS provides an affordable and simple pathway to achieving a company–wide information security certification and offers a great alternative to ISO 27001. The equivalent ISO certification is very thorough and complex, and provides a great deal of assurance in its own way. However, its complexity makes it expensive and time–consuming, and its capacity to allow risk-based decisions does not guarantee a minimum–security posture like a prescriptive standard does. As a result, whether you’re a large organisation looking to compliment ISO 27001 with a more prescriptive certification, or an SME looking for a more affordable and achievable pathway, Cyber Essentials PLUS could be for you!
What’s changed?
Cyber Essentials is a National Cyber Security Centre (NCSC) scheme now being operated by a single partner: IASME. SureCloud has transitioned to become an IASME-accredited certification body by demonstrating that we meet IASME’s high standards both in terms of our experienced and qualified consultants, and our wider organisation. Using a single partner will mean greater consistency in the delivery of Cyber Essentials, which was previously operated by five accreditation bodies.
The assessments themselves are remaining largely unchanged and the delivery of Cyber Essentials PLUS by SureCloud will be unaffected by our new status as an IASME certifying body.
Give your stakeholders assurance with SureCloud and Cyber Essentials PLUS
The basic level of Cyber Essentials no longer requires an external vulnerability scan, meaning that this certificate is now entirely a self-assessment with no verification from an independent third party. SureCloud therefore recommends the PLUS certification, which provides your customers and partners with assurance that the controls have been properly tested.
Cyber Essentials PLUS and Penetration Testing
Many of SureCloud’s customers benefit from performing Cyber Essentials PLUS assessments alongside penetration testing. These two varying assessments complement each other well.
A number of the components included in a typical penetration test, such as external vulnerability assessment and workstation build reviews, have a very clear overlap with Cyber Essentials PLUS assessments. It can be significantly more efficient to run these activities at the same time.
Furthermore, penetration tests are purely about assurance as opposed to accreditation. Combining penetration tests and Cyber Essentials PLUS means that the net value of the engagement is both a test report with recommendations and the opportunity to achieve a well-known and respected cybersecurity certification.