Cyber Essentials Plus is the level above the foundation certification and provides a more rigorous test of your organisation’s cyber security systems through detailed on-site vulnerability assessments carried out by our cyber security experts.
The certification is recommended for organisations whose risk of being the victim of a malicious cyber attack is higher than average. It features the initial self-assessment, which makes up the foundation certification (Cyber Essentials), as well as a series of vulnerability tests which are carried out by our own cyber security experts, who will make sure that your IT security systems are able to withstand basic hacking and phishing attacks and will then prepare a final report summarising their findings.
Completing the certification allows you to display the official Cyber Essentials Plus badge.
Completing the certification allows your organisation to display the official Cyber Essentials Plus badge, which demonstrates that you take your cyber security seriously and that you have met government requirements to respond to the threat.
On average, more than 4,000 cyber attacks occurred against businesses every day in 2016 according to the Cyber Security Breaches Survey 2017. It’s now extremely important that you have the necessary precautions in place when you are attacked.
Cyber Essentials benefits include:
The level of testing required for Cyber Essentials Plus is more stringent than the testing carried out through the Cyber Essentials self-certification. Cyber Essentials Plus assessment involves two key additional elements:
The on-site assessment is a requirement for all companies wishing to achieve Cyber Essentials Plus. Our team will visit your office(s) and thoroughly check whether the solutions you have put in place comply with the control requirements. You can find out the control requirements here.
An internal vulnerability scan is a requirement for all companies wishing to achieve Cyber Essentials Plus. It involves a scan of your internal networks within the scope of your application, with a focus on workstations and mobile devices. It aims to find out whether the Cyber Essentials controls have been properly implemented and to check that known vulnerabilities have been addressed.
Cyber Essentials Plus is designed for businesses that have matured their network infrastructure data requirements and have outgrown the minimum requirements of the basic Cyber Essentials scheme. A range of public and private companies have already adopted Cyber Essentials Plus since the scheme’s inception in 2014 with large global corporates such as Vodafone and Oracle leading the way in cyber security best practice. This has led to many public sector organisations, such as the Ministry of Defence and Home Office, mandating its requirements across their respective supply chains.
Dermot O’Kelly, Senior Vice-President and Country Leader of Oracle UK, Ireland and Israel, said: “We understand that the confidentiality, integrity and availability of your information is vital to your business.
“Security is embedded in Oracle’s ‘DNA’ – within the product, the development cycle and cloud operations practices – to ensure your information remains your information. Mission-critical data can only be maintained by having the most stringent security measures in place.”
Vodafone UK, which was the first telecoms company to be awarded Cyber Essentials Plus, stated: ”To be the first telecoms company and the first multi-national to have met the new Cyber Essentials Plus standard highlights our ongoing commitment to ensuring the security and protection of our IT and customer systems and online assets.”
Ed Vaizey, previous UK Minister for Culture and the Digital Economy, added, “Protecting personal data depends on good cyber security, and the threats and challenges are getting ever more sophisticated.”