Cyber Essentials and Cyber Essentials Plus are UK Government-backed, industry-supported schemes that help organisations protect themselves from common cyber-attacks.
Government departments rely heavily on industry partners to deliver much of their ICT, support services, innovation and technical solutions. You are therefore an integral part of the Government's supply chain, and the Government has a vested interest in ensuring that all its industry partners (of all sizes, in all sectors) are encouraged to adopt a set of technical controls which, when properly implemented, provide organisations with basic protection from the most prevalent forms of threat coming from the internet.
In 2014, in consultation with Industry, Government developed the Cyber Essentials Scheme, for all organisations of all sizes. In the same year, it mandated that suppliers demonstrate that they meet the technical requirements prescribed by Cyber Essentials.
Gov.UK Procurement Policy Note 09/14 – Use of Cyber Essentials Scheme certification was not prescriptive, insofar as it could be used in any category of Government procurement on a case-by-case basis, if a contracting authority considers this appropriate.
This is where things become tricky, because each Government department seems to be taking its own line on whether Cyber Essentials or Cyber Essentials Plus is required.
The Cyber Essentials scheme allows the small companies in a supply chain to demonstrate their level of cyber security at a realistic cost, and indicates that they are taking good steps to properly protect their customers' information.
All partners in SMP Risk Managed have extensive experience within secure Government departments, negotiating with potential suppliers on how to go about obtaining certification, and ensuring that the scope of the certification is suitable for the contracting vehicle.
This is where we in SMP Risk Managed can help you become certified, so you can get registered as a potential supplier, be added to frameworks where you may be offered contracts (either under tender conditions or because of direct award), and demonstrate to HMG, and give it assurance of, your commitment to protecting not only your data, but the Government's too.
There are two levels of certification available:
Cyber Essentials Certification is awarded on the basis of a validated self-assessment, which is then verified by an independent Certification Body (SMP Risk Managed) to assess whether an appropriate standard has been achieved and certification can be awarded. This offers a basic level of assurance and can be achieved at low cost, quickly and easily through us.
Cyber Essentials Plus offers a higher level of assurance through the external testing of the organisation's cyber security approach. This would comprise a remote and an on-site vulnerability test, to check whether the controls claimed actually defend against basic hacking and phishing attacks. This is a more rigorous and robust test of your ‘in scope’ ICT, and is obviously more time-consuming and costlier to obtain.
Please note, however, that if you intend to contract with MOD UK, you will almost certainly be required to have Cyber Essentials Plus, because its risk appetite is lower than that of other Government departments.
We have worked closely with MOD and its allied procurement services, so we in SMP Risk Managed are the best and most experienced team to help you achieve this level of certification and assurance, in the best possible timescales.