The 2 levels of Cyber Essentials and how to get certified
- 31st May 2017
- Posted by: Mark Dodds
- Category: Security
In our past blogs on Cyber Essentials we've gone into depth on what Cyber Essentials actually is and the benefits of getting certified. We also explained the 5 key controls a business is assessed on to achieve certification.
In our latest blog, we go into a little more detail on the two types of Cyber Essentials you can achieve and the ways you can get certified, including a step-by-step guide.
The 2 levels of Cyber Essentials
- Cyber Essentials Basic
- Requires a business to carry out a self-assessment of 5 basic security controls: boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. A qualified assessor verifies the information provided and a certification is awarded.
- The self-assessment, where a business makes the necessary security changes and answers all questions themselves, costs £300 + VAT.
- Cyber Essentials Plus
- Includes the same criteria as the basic certification but with a higher level of assurance. A qualified and independent assessor examines the same 5 controls as in the basic certification, and will also need to visit your offices to carry out on-site and external vulnerability assessments.
- The full test specification can be downloaded from the NCSC website.
- The cost of the assessment will depend on the size and complexity of your network, but can range from about £1400 if you don't need any prior help. Costs will increase if you need someone to prepare your IT security beforehand.
Ways to get certified
A business can complete its own self-assessment for Cyber Essentials Basic and submit it online; you can also do this for Cyber Essentials Plus. With Cyber Essentials Basic, you pay the cost and you'll be given either a self-assessment form to fill out or access to an online portal. Once the answers have been submitted, they will be verified by an assessor. With Cyber Essentials Plus you also do this part, but once the answers have been verified a vulnerability assessment is arranged, where an assessor will visit your offices.
- You can take a quick test to get an idea of how your business measures up against the requirements of Cyber Essentials. http://www.qgstandards.co.uk/quiz/
- Choose a certification body and download a free self-assessment form from here http://www.qgstandards.co.uk/cb-doc-pdf-draft/
- You can also apply via an online portal http://www.qgstandards.co.uk/cb-portal-draft/
- You can't just answer yes or no to the questions. You'll need to produce brief notes for most answers, and some screenshots may be needed.
- The self-assessment will need to be approved by a senior executive before submission.
- Submit your self-assessment form.
- You'll get an answer on whether you've passed after about 5 days.
Getting help from a specialist
Some business owners don't know enough about their IT to be able to answer the self-assessment questions appropriately. If you already have an IT service provider, you should ask them to help guide you through the process.
If you don't already have an IT service provider, you'll need to find one that can help you achieve the certification. This can be done in different ways, such as them being on hand to answer questions you may have or even attending your office to help you put the necessary security policies in place.
Ideally, you would want to use a provider that is qualified to assist businesses in achieving Cyber Essentials as they are trained and tested to ensure they correctly understand the requirements of the scheme.
If you would like any further information on how Cyber Essentials could help prevent up to 80% of common cyber attacks, please get in touch with us today.