Cyber Essentials Plus
After a lot of hard work we were officially certified “Cyber Essentials Plus” on 19 March 2018.
This was great news for us as it clearly illustrates our promise to put security at the heart of our processes and infrastructure, reassuring our customers that the trust they have placed in us is well founded.
What is Cyber Essentials?
Cyber Essentials is a certification that ensures that you as a business are protected against the most common cyber attacks. During the assessment, we are challenged about processes and procedures, our network, the systems we use, and pretty much any aspect of our business that could leave us vulnerable. It confirms that we are doing everything we can to keep our data and systems secure.
Specifically, it covers five ways to do this:
- Securing your Internet connection
- Securing any and all devices or software you use to access business data
- Controlling access to your data and services so only people who need access have it
- Protecting your devices and infrastructure from viruses and other malware
- Keeping all devices and software up to date
Where does the Plus come in?
Cyber Essentials Plus means that not only have we passed our Cyber Essentials certification, but we also had an independent security firm come in and carry out an audit to confirm that we do what we say we do.
This external verification of our cyber security underlines our commitment to transparency, data protection and security. Only 10% of Cyber Essentials certifications achieve the Plus.
What was the process?
Answers to a detailed set of questions are checked and approved. The process was straightforward but thorough, the translation of our processes (and the implementation of a few new ones) required the investment of some serious time and effort.
This first phase meant that we needed to bundle all of our documented security and data protection processes into structured answers to an in-depth questionnaire which was provided to us by our certification partner. In our case, we selected TeraByte, a very knowledgeable and supportive organisation.
Then came the in-depth part to achieve the Plus certification. The audit team from TeraByte came into our office to see first hand what we had outlined as our processes and procedures. They then spent time checking that these were effective and that everyone knew what they should be doing. Finally, we had to prove that we were ‘actually’ following these procedures by looking at how we police and audit what happens.
As a company, we have a set of principles that we apply to internal procedures and our Cyber Essentials accreditation was no different: Document – Implement – Audit.
• Say what you are going to do
• Do it
• Prove that it was done
For ease of reference, our Cyber Essentials certificate details are shown below;