Security Assurance
Demonstrate your security to your customers and suppliers through assurance and certification that is right for you.
Government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks. Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks simply because these attacks are looking for targets which do not have the Cyber Essentials technical controls in place.
Although based on the same technical requirements as Cyber Essentials, Cyber Essentials Plus includes a technical audit of your IT systems to verify that the controls are in place. In this way, it gives more assurance that you are complying with the scheme. The audit covers a representative set of user devices, all internet gateways, and all servers with services accessible to the internet.
The IASME Cyber Assurance standard covers a range of important cyber security, privacy, and data protection measures. Becoming certified allows small and medium-sized enterprises in a supply chain to demonstrate their level of cyber security for a realistic cost. The audited IASME Cyber Assurance certification is now accepted by a wide range of industry sectors as an alternative to ISO 27001 for small companies.
We assess your IT, identify vulnerabilities, and offer actionable insights to strengthen your security posture. We conduct a gap analysis against a recognised framework, test your systems and work with your business to agree remediation activities. We also develop and present post-engagement reports detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks.
Cyber Essentials
Cyber Essentials can help every organisation – from micro businesses to large corporations – guard against the most common cyber attacks. If you have digital assets or store any data, putting the Cyber Essentials controls in place can help you keep it safe.
The Cyber Essentials Plus Process
Achieve Basic Cyber Essentials Certification
You'll need to complete the Cyber Essentials self-assessment questionnaire and get certified at the basic level.
Prepare for the Assessment
Agree the scope including define the sample size based on the NCSC guidance and internal and external networks for scanning. including networks scans. Install any vulnerability scanning software required.
Identify Sample Devices
No more than 72 hours before the assessment the representative sample of user devices that will be is agreed. We set up meetings with the assessor and owners of the sample devices
Technical Audit:
Within three months of achieving basic Cyber Essentials certification, you must undergo a technical audit. The technical audit includes, Vulnerability Scans, Device Checks, email tests, browser download tests, and user access controls tests either remotely or in person.
Remediation
If your organization fails the assessment, you will receive feedback on areas requiring remediation to achieve scheme compliance. You will then need to address the feedback and repeat the assessment within 30 days.
Verification Scans