Cyber Essentials is a UK government scheme supported by the
NCSC (National Cyber Security Centre) that sets out five basic security
controls that can protect organisations against 80% of common
The scheme is designed to help organisations of any size
demonstrate their commitment to cyber security – while keeping the
approach simple and the costs low.
The Cyber Essentials certification process is managed by the
IASME Consortium (IASME), which licenses certification bodies to
carry out Cyber Essentials and Cyber Essentials Plus certifications.
CCN Limited are registered partners with the licensed certification body IT Governance and will guide you through the process and guarantee certification.
Correctly implementing five basic security controls will protect your
organisation against the most common cyber threats.
Achieving Cyber Essentials certification will help you demonstrate
your commitment to data protection and cyber security.
Cyber Essentials certification will help boost your reputation and
give you a better chance of winning new business.
You can focus on your core business objectives knowing you are
protected from the most common cyber attacks.
Cyber insurance agencies look more favourably on organisations
that have achieved Cyber Essentials certification.
Cyber Essentials will permit you to work with the UK government
and Cyber Essentials Plus will allow you to work with the MOD.
Choose the certification that's right for you:
Certification can apply to an organisation’s full enterprise IT or just a subset. Either way, the scope of the network needs to be clearly defined before the certification process can get underway.
Please refer to the “certification process stages” section of the Cyber Essentials Guide.
As part of the certification process and scope, CCN will carry out a pre-assessment security audit on your network, which will include a review of your staff awareness methodology and internal security processes. On completion, you will be advised as to any changes that may be required.
Once the organisation has determined its scope and the audit is complete, the next step to certification is to complete a self-assessment questionnaire (SAQ). This comprises 70 questions across 8 sections (including the 5 control areas); all sections must be passed for certification to be awarded.
Additional assessments, such as internal and external vulnerability scans against the public-facing infrastructure patch levels and system configuration, will be carried out, along with a security and anti-malware test to ensure the systems are resistant to malicious email attachments and web binaries.