Earlier this year the NCSC and its Cyber Essentials delivery partner IASME announced that changes would be made to the technical requirements for the Cyber Essentials scheme in April of 2023. Now that April is upon us, it’s essential that businesses who aim to renew or gain a Cyber Essentials certification meet the updated criteria.
If your business currently holds this certification or you’re currently in the process of working towards it, then continue reading to understand how the requirements are changing, and how you can ensure your business successfully gains Cyber Essentials accreditation.
In summary, the IASME Cyber Essentials accreditation is a UK Government-approved and recognised cybersecurity certification for businesses that want to demonstrate their commitment to exemplary cybersecurity practice. The scheme was launched in June 2014 under the direction of the National Cyber Security Centre (NCSC), with the aim of enabling businesses to understand and select the appropriate security controls for their IT environment.
Since October 2014 the accreditation has been a requirement for suppliers to the British government who handle specific kinds of sensitive and personal information. Businesses who aim to establish governmental contracts should gain the Cyber Essentials certification in order to expedite the process.
Organisations seeking Cyber Essentials accreditation undergo a self-assessment process, marking themselves against five fundamental security controls. This self-assessment is subsequently verified by a qualified assessor and feedback is provided. Once the business has addressed any issues raised during the verification process, the certification body will issue a certificate of compliance, and the business can operate with full accreditation.
The assessment questions are available to the applying entity beforehand, providing businesses with the opportunity to review and adjust their cybersecurity policies and practices before verification.
A further benefit of gaining the Cyber Essentials accreditation is the possibility of obtaining government-backed insurance; businesses with less than £20m annual turnover are automatically granted cyber liability insurance upon accreditation.
Organisations applying for the updated Cyber Essentials accreditation shouldn’t be worried about the upcoming changes. The scheme is regularly reviewed in order to match the ever-changing cybersecurity landscape, ensuring businesses remain well protected against novel cyber threats. After the major overhaul made to the scheme in 2022, this year’s update is much less significant, providing new clarifications and guidance.
All changes made to the scheme are based upon feedback provided by applicants and assessors, and have been made in partnership with NCSC cyber experts. Here we’ve summed up the changes you’ll see implemented from April onwards:
While it may seem daunting to comprehend and self-assess the stringent security requirements of the Cyber Essentials certification, the scheme is essential for organisations looking to demonstrate their commitment to exceptional cybersecurity practices, and those looking to obtain governmental contracts.
If you have any queries or qualms about applying for Cyber Essentials accreditation, then your trusted MSP partner should be able to help. At Fitzrovia IT we have helped a number of clients successfully gain accreditation; our cybersecurity experts initiate the process with a business pre-audit, to ensure compliance standards are being met and certification is achieved on the first application.
Our team conducts a comprehensive evaluation to ensure the implementation of cyber best practices. This includes scrutinising the installation and setup of devices, assessing user permissions and access, checking for patching and software usage, and confirming adherence to protocols and policies.