A quick guide to Cyber Essentials Plus

We have just successfully passed Cyber Essentials Plus, a test we undergo every year because we value highly the security of our IT systems. We also know it gives our corporate and individual customers piece of mind when searching for information on our websites or using our T2A API methods.

So here’s a bit more information about what the accreditation is, how it’s done, and some reasons to do it in your organisation…

What is Cyber Essentials Plus?

Cyber Essentials is a scheme, backed by the UK government, that helps you protect your organisation against a range of common cyber attacks. There are two types of certification:

  • Cyber Essentials
  • Cyber Essentials Plus

Cyber Essentials is the cheaper option at £300+VAT. This is a self-assessment where you answer of series of questions relating to your IT infrastructure. For those organisations that don’t have anyone with a technical IT background and may find some of the questions difficult to answer, there is help available from one of the Certification Bodies who are trained and licensed for the Cyber Essentials scheme.

Cyber Essentials Plus involves a hands-on technical verification that your IT systems meet the required standard to repel common cyber attacks. As these hands-on tests of your network and computers are done by experts from one of the Certification Bodies, having the Cyber Essentials Plus certification displayed to customers gives more assurance that you are complying with the scheme than the basic self-assessment option above.

This was the reason we felt it better to go for the “Plus” option even though it is more expensive. The price varies depending on the size and structure of your organisation and you can get a quote on the Government’s Cyber Essentials partner IASME website here: Cyber Essentials Plus Get a Quote – Iasme

In these times of the Covid-19 pandemic we expected that we would have to look at safe distancing measures etc. when someone from our chosen certification body came to visit our office. Instead they sent us an impressive looking case of technical equipment for us to plug in. They were then able to do all their necessary checks remotely, but just as good as if they has been in our office in person.

Reasons you should get Cyber Essentials certified

As we’ve already mentioned, at T2A we thought it was well worth going for Cyber Essentials Plus. But if you can’t afford that it’s still worth doing the basic Cyber Essentials certification. There are good reasons for doing either option:

  • It prompts a review of your IT security and procedures.
  • Gives customers piece of mind that you take cyber security seriously and are taking positive steps to block all common cyber attacks.
  • Customers know that you have taken extra steps to protect their personal details and passwords.
  • Certification of the scheme, especially the Cyber Essentials Plus option, gives you an extra positive selling point to new potential customers.
  • If you tender for public sector work, some government contracts will only deal with companies that have Cyber Essentials certification.

More information

There is a good FAQs section on the National Cyber Security Centre’s (NCSC) website: Frequently Asked Questions – NCSC.GOV.UK

Here is an overview of the scheme on the NCSC website: About Cyber Essentials – NCSC.GOV.UK