Since the launch of Cyber Essentials in 2014, there has been a steady rise in businesses adopting the scheme to make the UK the safest place to do business online. Over 35,000 certificates have been issued over the past 5 years, but the NCSC (National Cyber Security Centre) has made it clear that it wants a lot more.
The first major change has come in the form of a simplified operating model and streamlined user experience. The IASME Consortium will now replace the 5 existing accreditation bodies as the sole Cyber Essentials Partner from April 2020.
It’s business as usual for Xyone as one of the first certification bodies since 2014. All certification bodies must now align to one way of conducting assessments. We held partner and client webinars last week to help understand this better.
Your Xyone account manager will contact you in advance of your renewal with an invoice for £300 + VAT.
All devices with access to the network and business information will be in scope for CE. This includes, but is not limited to, personal mobile devices with access to emails.
The Cyber Essentials self-questionnaire will now contain around 70 questions, as opposed to 40, and will go into more detail about the number and type of devices used, including operating systems. Remember:
- All software including operating systems must be supported by the vendor
- All devices and operating systems must be listed in the questionnaire for scoping
- The scope must be the same for Cyber Essentials Basic and Cyber Essentials Plus
- If the scope is changed between the Basic and Plus assessments, the Basic must be completed again under the new scope before proceeding.
- Ensure that accounts have the correct privileges, i.e. admin, and that unused accounts are disabled or deleted where necessary.
- If you are being assessed for Cyber Essentials Plus, the questionnaire must be completed before we are able to complete the on-site assessment.
- All questionnaires will be filled out on a new portal provided by IASME
If remediation is required within the questionnaire, you will have 2 business days to rectify the issues. If you exceed the 2-day grace period, you will be required to start the process again.
The National Cyber Security Centre and IASME will be releasing a new Cyber Essentials logo so that people can distinguish between the old and the new scheme.
All Cyber Essentials assessments must be signed off by a board-level member of the organisation. A third-party IT management service company cannot complete the sign-off.
When an organisation with a turnover under £20,000,000 achieves self-assessed certification covering its whole organisation to either the basic level of Cyber Essentials or the IASME Standard, it is automatically awarded Cyber Liability Insurance (terms apply). Find out more here: https://iasme.co.uk/cyberessentials/automatic-insurance-cover/
Gaining Cyber Essentials certification is a simple process that begins with you requesting a self-assessment questionnaire from Xyone. After completing the questionnaire, return it to Xyone and await assessment. Following a pass, you will be awarded your Cyber Essentials Badge to display on your website, marketing, and future correspondence with clients.