Cyber Essentials Scheme & IASME Governance

The Cyber Essentials scheme is a simple yet effective, Government-backed framework that was developed by the National Cyber Security Centre (NCSC) to help organisations protect themselves against a range of the most common cyber threats.

From the small-scale start-up to established and growing organisations, the Cyber Essentials scheme will help you to put measures in place to reduce the impact of threats such as phishing attacks, malware and ransomware attacks, and to demonstrate a commitment to cyber security. In addition to this, organisations gaining self-certification to Cyber Essentials also qualify for up to £25,000 of cyber liability insurance should an incident or data breach occur.*

Cyber Essentials is an integral part of the IASME Governance Standard, which also covers a GDPR assessment. The IASME Governance Standard is designed to guide and then assess the level of maturity of an SME’s information security. The IASME Governance Standard is gaining traction in larger organisations as a strategic stepping stone to ISO 27001:2013 accreditation.

*organisational size limits apply

IASME Governance

The Information Assurance for Small to Medium-sized Enterprises (IASME) Governance Standard is a structured way for a business to implement and improve the way it secures information and offers assurance to government, regulators, customers and vendors that information security is an integral part of the business. The IASME Governance Standard is designed to guide the SME where needed and then assess the level of maturity of an SME’s information security policies.

Cyber Essentials is an integral part of IASME Governance and helps to protect organisations against common cyber-attacks. Cyber Essentials was developed as a simple prescriptive formula based on evidence of the attacks. It was designed to address the most common forms of cyber-attack and offer organisations a basic level of cyber-security. Cyber Essentials comprises five technical controls:

> Access control & administrative privilege management
> Secure configuration
> Patch management & updating software
> Malware protection
> Boundary firewalls and Internet gateways

Cyber Essentials

To achieve Cyber Essentials you are required to complete an independently verified self-assessment questionnaire. We can help with the self-assessment in two ways. You can complete the assessment in the first instance and send it to us for one of our Cyber Essentials assessors to review and provide recommendations. At this stage, we can guide you and suggest appropriate changes. The spreadsheet now also covers a GDPR module and it is worthwhile completing the governance questions too. The second way that we can support you is to provide online consultation. We can then complete the spreadsheet with the assistance of your information security manager or the individual who is responsible for risk or information governance.

Cyber Essentials Plus

To gain certification to Cyber Essentials Plus you must go through a certification process which involves a technical audit of the systems that are in scope. It includes an appraisal of a representative set of user devices, all internet gateways and all servers accessible to internet users. The Sapphire assessor will typically select a random sample of systems, around 10%. Cyber Essentials Plus provides a greater level of assurance than the self-assessed level. Being certified to Cyber Essentials Plus demonstrates to your customers and any organisations that you partner with that you are protected against common cyber attacks and have the appropriate security controls in place to prevent a breach.

Why Sapphire?

Sapphire has been delivering the very best cyber security services and solutions for over 24 years. Our expertise covers all aspects of cyber security: people, policies and technical controls. Sapphire is a recognised IASME certification body for Cyber Essentials and IASME Governance. We are one of only a small number of organisations in the UK that are qualified to assess and certify businesses against both the Cyber Essentials and Cyber Essentials Plus schemes. Our team also includes qualified IASME Governance (with GDPR) auditors.

Sapphire is an NCSC-approved CHECK company offering penetration testing of IT systems to identify potential vulnerabilities and recommend effective security countermeasures.
