On the 24th January 2022, IASME and the National Cyber Security Centre will introduce an updated set of requirements for the Cyber Essentials certification scheme. The update is the biggest overhaul of the scheme’s technical controls since it was launched in 2014.
Over the past two years, the adoption of cloud services has massively increased due to the pandemic, as well as home/hybrid working now being the new norm for many people and businesses nationwide. As employees are using their own device and Internet routers for work purposes, Cyber Essentials will now take these into consideration during the assessment process, as well as including revisions of cloud services, multi-factor authentication, password management, and security updates.
This update will help organisations maintain their basic cyber hygiene inline with the change in working behaviours, and provide reassurance for managers, employees, and their clients. Many of the changes are due to feedback from assessors and applicants, as well as consultation provided by the Cloud Industry Forum.
What is Cyber Essentials?
Cyber Essentials is a government-backed scheme that was created to help organisations demonstrate they have the appropriate security in place. Cyber Essentials works by evaluating a company’s technology defences to determine the current vulnerabilities and risk level. Once these risks are identified and managed, the organisation will be awarded the Cyber Essentials certificate.
There are two options of certification available, Cyber Essentials and Cyber Essentials Plus, and either can determine the security level of a company.
How Does the New Update Work?
The new update for Cyber Essentials will officially be released on 24th January 2022. Any applications that are processing before this date will continue to use the current standard requirements and will have six months to complete the assessment.
Any Cyber Essentials assessments that begin on, or after, 24th January will use the updated set of requirements, with a grace period of up to 12 months on select requirements for organisations who need to make adjustments and extra efforts.