If you’re a UK SME and part of a big supply chain or going for government tenders, you’re likely to be aware of the needs of Cyber Essentials. The original Cyber Essentials certification was designed to provide businesses with the basics of cyber safety and ethical business practices online; from managing firewalls and user accounts to appropriately protecting their business against malware and data theft. To remain compliant with modern UK business requirements, Cyber Essentials is – well, an essential.
But for businesses wanting to go beyond the basics and improve their safety and the security of their business online, Cyber Essentials PLUS is the answer. As one of the services we offer our clients, we deliver the Cyber Essentials Plus certification through IASME and know just how important this higher compliance standard from achieving the ‘PLUS’ certificate can be to your businesses.
What exactly is the difference between Cyber Essentials and Cyber Essentials PLUS? It all comes down to the use of an independent auditor.
Cyber Essentials PLUS requires businesses to comply with the same five factors as the non-PLUS model. Known as technical security controls, these include:
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
In addition to these basic requirements to be certified, Cyber Essentials PLUS goes a step further than the self-certification of Cyber Essentials and requires an independent assessment of the business’ internal security controls to achieve this higher level full certification.
Why an independent assessment?
Robust credibility is the driving reason why Cyber Essentials PLUS uses independent assessment as this ensures companies are indeed compliant with the requirements of the Cyber Essentials scheme. The additional step ensures the safety of the business but further helps authenticate the certification. By verifying you are compliant, the resultant certification award is more trustworthy than an in-house DIY version of the Cyber Essentials certificate.
Which form of certification is best for your business? If at all possible, upgrading from Cyber Essentials to Cyber Essentials PLUS is the ideal choice for any company. Each assessment includes a vulnerability scan to ensure your business data and information is well protected. If you are genuinely committed to safer online and network practices, for your business and your clients, then investing in Cyber Essentials PLUS certification could be your best move.
If you’re considering certifying your business under Cyber Essentials PLUS, CyberSmart are here to help you. We work with companies of all sizes to ensure 100% compliance with the requirements of the certification, helping businesses to achieve their certification fully and meet the needs of GDPR at the same time. Contact us today to find out more.