Cyber Essentials is a government-backed, industry-supported scheme to help protect organisations against common cyber-attacks. Cyber Essentials was developed as a simple prescriptive formula based on evidence of the attacks. By design the scheme addresses the most common Internet-based threats to cyber security — particularly, attacks that use widely available tools and demand little skill, including hacking, phishing and password guessing.
Sapphire makes it easy for companies looking to gain Cyber Essentials self-assessment and Cyber Essentials Plus accreditation. We work closely with organisations to understand their individual challenges and concerns to provide recommendations and guidance to achieve certification.
We evaluate and refine the five controls which protect against the most common enterprise attacks: access and privilege management, network configurations, patch management, malware protection, and perimeter security.
Receiving approved certification of cyber security capabilities improves your appeal as a ‘trusted supplier’ for large companies and is now a must for many Government contracts.
The business will be guided through the process by a team with 24 years’ cyber experience securing some of the world’s largest companies at a competitive price.
The Information Assurance for Small to Medium-sized Enterprises (IASME) Governance Standard is a structured way for a business to implement and improve the way it secures information and offers assurance to the government, regulators, customers and vendors regarding its posture. The IASME Governance Standard is designed to guide the SME where needed and then assess their level of maturity.
Cyber Essentials is an integral part of IASME Governance, which helps to protect organisations against common cyber-attacks.
The Cyber Essentials Plus assessment is a more comprehensive, detailed security audit that can result in a PASS or FAIL. Anything that is not internet facing can be excluded from the scope. Think vulnerability assessment meets audit, without a formal penetration test. The five areas we cover as part of a Cyber Essentials Plus assessment are:
To deliver the CE+ assessment Sapphire need to concentrate on the following areas:
Test whether an Internet-based opportunist attacker can hack into the applicant’s system with typical low-skill methods.
These tests assess defence against attacks that originate externally but involve some form of an internal user action, or which are difficult to test directly from the Internet.
Identify missing patches and security updates that leave vulnerabilities that threats within the scope of the scheme could easily exploit.
To check that all of the end-user devices (EUDs) in scope benefit from at least a basic level of malware protection.
To test whether or not EUDs are protected against malware that is delivered via email attachments.
To test whether or not EUDs have protection from malware delivered through a website.
Cyber Essentials is a Government-backed scheme that provides a clear idea of the basic controls that businesses should implement.
Developed by the National Cyber Security Centre, Cyber Essentials was designed to protect businesses from 80% of all basic cybersecurity threats. Having a Cyber Essentials certification also proves to suppliers and partners an organisation’s credibility and trustworthiness.
a) Cyber Essentials
This is a foundation-level certification specifically designed to provide a self-assessment of the basic controls an organisation requires to mitigate risk from different common cyber threats.
b) Cyber Essentials Plus
Cyber Essentials Plus involves both internal and external tests of your network and computers. It will involve a visit to your site and provides more assurance that you are complying with the Cyber Essentials Scheme than the basic self-assessment level.
Because of the increased complexity of Cyber Essentials Plus, it is offered alongside additional support, including an on-site assessment and dedicated help desk support.
The standard Cyber Essentials accreditation requires organisations to fill in an online questionnaire and costs less to complete.
All certificates have a 12-month expiry date.
The cost of the Cyber Essentials self-assessment certification is £300 + VAT.
The cost of the Cyber Essentials Plus certification is based on the complexity and size of an organisation.
Yes, the certification is also issued to overseas organisations.
For a business to become Cyber Essentials self-certified, it takes between 1-3 working days from the time of submission. However, organisations with a tight deadline can also contact the issuing body to fast-track the approval process.
A typical CE+ assessment is 3-5 days and, as Sapphire are an IASME approved Certification Body, the certificate is available on completion of an audit.
An organisation has 90 days to pass CE+ on completion of Cyber Essentials basic.
Yes, some government contracts stipulate applicants are Cyber Essentials Certified.