Cyber Essentials

Cyber Risk Manager is fully aligned to the UK Government’s Cyber Essentials Accreditation Scheme.

We offer the self-assessment version by default and can also provide the externally certified service, Cyber Essentials Plus, on application. Our Cyber Risk Audit service includes a Cyber Essentials voucher worth up to £1,500:
https://cyberessentials.online/digital-scotland-voucher-scheme/

Cyber Essentials certification demonstrates that your organisation complies with a government-backed cybersecurity standard.

Cyber Essentials is a UK government-led scheme that was originally launched in 2014 as an assessment strategy to accompany the NCSC (National Cyber Security Centre) “10 Steps to Cyber Security” publication.

The scheme provides an accessible way for companies and organisations of all sizes to demonstrate their commitment to cybersecurity through a recognised and government-backed standard.

1. SECURE YOUR INTERNET CONNECTION
2. SECURE YOUR DEVICES AND SOFTWARE
3. CONTROL ACCESS TO YOUR DATA AND SERVICES
4. PROTECT FROM VIRUSES AND OTHER MALWARE
5. KEEP YOUR DEVICES AND SOFTWARE UP TO DATE

Reassure customers that you are working to secure your IT against cyber attack.

Attract new business with the promise you have cyber security measures in place.

Some Government contracts require Cyber Essentials certification.

What does Cyber Essentials cover?

Within the Cyber Essentials scheme, there are five control categories which cover the five most-prominent cyber risks that affect organisations. These controls include the following:

Firewall Security

A firewall should be in place between the Internet and your organisation’s internal network. This firewall should be securely configured and be reviewed regularly.

Secure Configuration

Devices and software should be configured securely to prevent them from being compromised by a malicious user or malware. Default passwords should be changed, and all passwords should be suitably complex to prevent them from being guessed. All unnecessary software should be removed from end-user devices.

User Access Control

Access to your organisation’s data should be controlled through correctly assigned user accounts. Administration privileges should be tightly controlled, and administrative rights should only be granted to users who have a genuine, business need for this level of access.

Malware Protection

A robust anti-malware solution should be applied to prevent servers and end-user devices from being infected with malicious software. Cyber Essentials allows this to be achieved through conventional anti-virus software, application white-listing or by running applications in “sandboxed” environments.

Patch Management

All security updates and patches should be applied to devices and installed software. This ensures that security vulnerabilities are fixed and reduces the likelihood of devices and applications being compromised by a malicious user or malware.

Cyber Essentials Certification

Cyber Essentials certification demonstrates a base-level appreciation of cyber security within your organisation. The assessment process comprises an online questionnaire, completed by the organisation, which captures information that supports the five controls being in place.

Once the questionnaire has been submitted, an accredited Cyber Essentials assessor examines the responses to ensure that these are in line with the list of requirements produced by the NCSC (National Cyber Security Centre). If successful, the organisation will be awarded Cyber Essentials certification.

Cyber Essentials Plus Certification

Cyber Essentials Plus builds on the requirements that are mandated by the Cyber Essentials certification and includes an active assessment that is conducted at your organisation’s premises.

The Cyber Essentials Plus assessment requires that organisations already have Cyber Essentials certification and includes a number of specific tests which validate that a subset of the five control categories are implemented correctly.

A successful pass in each of the following tests allows for organisations to be awarded the Cyber Essentials Plus certification:

External Vulnerability Assessment

A vulnerability assessment is conducted against your organisation’s Internet-facing services. This is to ensure there are no vulnerabilities present in these services, which could allow them to be compromised by an Internet-based attacker.

Internal Patch Audit

An automated patch audit is conducted on your internal servers and workstations. This is to ensure that all critical-rated patches have been applied.

Review of Malware Protection

A configuration review is conducted of your anti-malware solution, to ensure that it has been installed correctly and offers a high degree of protection.

Email-based Malware Assessment

A test is conducted to assess if malicious files can be sent into your organisation through email attachments. This is achieved by sending a small number of malign test files into some of your organisation’s email accounts from our server.

Web-based Malware Assessment

A test is conducted to assess if malicious files can be downloaded by your users from a potentially malicious server on the Internet. This is achieved by attempting to download a small number of malign test files from our server to some of your organisation’s workstations.

What are the benefits of Cyber Essentials certification?

Obtaining Cyber Essentials certification provides assurance to your customers and stakeholders that your organisation has a baseline appreciation of cyber security. Cyber Essentials is a requirement for many UK public sector contracts, so achieving Cyber Essentials certification increases your eligibility to tender for sales into UK government departments.

Organisations who are awarded Cyber Essentials and Cyber Essentials Plus certification are provided with a certificate from our Accreditation Body and a logo toolkit which allows the Cyber Essentials logos to be used on the organisation’s website and in company documentation.

Displaying the Cyber Essentials logo to your customers and prospects provides a visible way to instil confidence in your organisation’s compliance with a recognised cybersecurity standard. It is also possible for customers to verify your Cyber Essentials certification through the NCSC website, therefore providing an additional layer of authenticity to your certification.

Why choose Trustify?

Trustify is an accredited Certification Body with the ability to perform both Cyber Essentials and Cyber Essentials Plus assessments on your organisation.

All of our Cyber Essentials assessments are conducted by our senior cybersecurity consultants, who have a strong technical background and are trained directly by our Accreditation Body.

We pride ourselves in partnering with our customers to provide guidance and support throughout the certification process. We want to ensure you are fully equipped before we perform your assessment, so that we can maximise your chances of passing first time.

Once you are audited and certified, Cyber Risk Manager helps you centralise and monitor your Cyber Essentials compliance state and keeps you in check with GDPR too.

For SMEs

We provide products for start-ups and smaller accountants, insurers and retailers, medium-sized law firms and financial services companies, for schools and biotechs.

For Enterprises

We’re trusted to solve cyber-security for major organisations across the public, insurance, financial services, legal, pharmaceutical and accountancy sectors.
