Do I need Cyber Essentials Plus?
In order to achieve Cyber Essentials Plus, you must have already obtained the self assessed Cyber Essentials certification (which our sister company – InfoSec Governance can help you with) and send TeraByte a copy of the certificate as proof. Obtaining the plus certification and implementing the required controls could shield your business from up to 80% of the common threats from the internet.
Adopting Cyber Essentials is likely to become a major requirement to win business in many sectors in the future – and to demonstrate this, from 1 October 2014, the government has required suppliers bidding for certain information-handling contracts to be Cyber Essentials certified.
The certification is backed by the industry, as well as the business support and lobbying organisation the Federation of Small Businesses. A number of insurance companies are also starting to offer incentives for organisations that conform to the scheme.
A company can gain “Cyber Essentials” or “Cyber Essentials Plus” badges which allow a company to advertise the fact that it adheres to a government endorsed standard.
Cyber Essentials Plus consists of five baseline controls that businesses should have in place to reduce the risk of data breaches from internet-based attacks, these being:
- Boundary Firewalls
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
Achieving Cyber Essentials Plus
As part of the Cyber Essentials Plus assessment, the company will be required to pass an external and on-site vulnerability assessment performed by staff from InfoSec Governance. These staff are fully trained to a minimum TigerScheme QSTM status and each hold a minimum of SC Level Clearance.
To achieve Cyber Essentials Plus, please contact us to request a pre-assessment questionnaire which will help to assess the costs which will be involved in performing an on-site vulnerability assessment.