Cyber essentials is a government-backed scheme designed to support the development of all UK businesses. Nevertheless, there are various requirements for organisations to meet the level of cyber security outlined by cyber essentials. Business leaders must then prove that they have taken steps to improve their cyber security infrastructure by submitting an official self-assessment.  

In this blog, you’ll find a comprehensive guide for completing the self-assessment required to obtain cyber essential certification.

 

Why is cyber essentials important? 

For businesses, the certification can open doors and attract beneficial partnerships. Some technical companies will only trade with organisations that show proof of cyber essentials certification. Similarly, you cannot bid for government contracts involving the handling of sensitive or personal information, or the provision of technical products and services, without the cyber essentials certification. 

Additionally, it can be advisable for businesses to meet cyber essentials requirements because it shows a commitment to high cyber security standards. The certification is overseen and delivered by the National Cyber Security Centre and IASME Consortium, so it acts as an endorsement from these official bodies. This is especially valuable for organisations that are responsible for storing user data, as it shows customers their personal information is secure. 

 

Conducting a cyber essentials self-assessment 

The process of obtaining the cyber essentials certification involves completing a self-assessment questionnaire, which is then sent for review by certification body. Be aware that answers to the self-assessment form must be approved by the business owner or a board level representative before they are sent.  

Before you start entering the answers in IASME’s online assessment portal, it’s important to gather a range of information relating to your business. This includes how it has been set up, how it operates (workers, premises, industry etc) and the scope of the assessment. The latter section concerns which areas of the organisation are being considered by the assessment. 

The main part of the assessment will then ask questions that relate to the five control areas of the cyber essentials scheme, which are: 

  • The protection offered by firewalls and internet gateways. 
  • How devices are configured. 
  • Software updates and technical security management. 
  • Account privileges. 
  • Malware and virus protection. 

Cyber essentials certificates expire after 12 months. This means businesses that want to display the cyber essentials over multiple years must complete a self-assessment annually. 

 

Expert cyber security consultants  

At CyberWhite, we share our expertise and knowledge in cyber security to make sure your business is protected. The cyber essentials scheme is one of the most easily accessible ways to put strong cyber defences in place. Contact us today and one of our security consultants will be happy to support you with obtaining your certification. Whether it’s filling out the self-assessment or making adjustments to your existing security framework, CyberWhite is here to help.