UK Government mandates new cyber security standard for suppliers from 1 October – make sure you’re compliant

Oct 01, 2014

From today, 1 October 2014, the UK Government requires all organisations bidding for contracts which process commercially sensitive or personal information to be certified against the Cyber Essentials Scheme.

Officially launched on 5 June 2014, organisations who successfully complete the scheme through a CREST (Certified Register of Ethical Security Testers) accredited supplier, will be awarded a certificate and will be able to display the appropriate Cyber Essentials or Cyber Essentials Plus badge to publicise  it. The two levels of certification within the assurance framework are:

Cyber Essentials – where a company completes a self-assessment questionnaire about their current security processes. This is approved by a senior executive of the company and it is then verified by an independent Certification Body to assess whether an appropriate standard has been achieved. All CREST-accredited certification bodies will then conduct an external vulnerability scan of the company’s Internet-facing networks and applications, to verify that there are no obvious vulnerabilities present.

Cyber Essentials Plus – as above, but it also includes independent, vulnerability testing of the systems that are in scope. 

The scheme sets five critical controls which are applicable to all types and sizes of organisations – focusing on security measures to protect organisations against the most prevalent forms of a threat coming from the internet. One of the main objectives of Cyber Essentials is to provide a trusted standard for cyber security in business which is accessible and affordable. 

The Cyber Essentials Scheme requires that organisations recertify at least annually.

Supported by CREST, the scheme is endorsed by many industry-recognised groups, including the Federation of Small Businesses, the CBI and some cyber security insurance providers.

We can help you get compliant
7Safe is a well-established member of CREST – and is now accredited to deliver Cyber Essentials to any organisation wishing to certify to the scheme. 

To find out how 7Safe can help your organisation become compliant with the Cyber Essentials scheme, please call 0870 600 1667, or click here for further information.