With a view to streamline the customer experience and improve consistency throughout, U.K.’s NCSC (National Cyber Security Centre) has announced a partnership with the IASME Consortium making it the sole certifying body for Cyber Essentials Certification. The changes came into effect on April 1, 2020.
Since its inception in 2014, the Cyber Essentials Scheme has helped protect over 34,000 U.K. businesses from the most common cyber and commodity threats. Initially there were multiple accreditation bodies and their respective certification bodies, however, this hampered customer experience and consistency. Thus, after holding a tender process, the NCSC zeroed onto a single Cyber Essentials Partner – The IASME Consortium.
What’s Cyber Essentials?
Cyber Essentials is a Government-backed scheme designed to protect organizations of various domains and sizes (small, medium and large) against a host of most common cyberattacks. As per the NCSC, these cyberthreats come in varied shapes and sizes, but most of them are very basic in nature. Cyber Essentials helps protect and prevent these basic attacks with its two levels of certifications, Cyber Essentials and Cyber Essentials Plus. The Cyber Essentials group stresses that the cybersecurity of any organization depends on the implementation of five key technical controls:
- Firewall usage to secure internet gateways
- Using best-suited security configurations and settings for all your devices and software
- Have access control. Implement RBAC to control your data and services more efficiently
- Use anti-virus and anti-malware software and applications to better protect your devices and corresponding networks
- Regularly check and update your devices and software to protect against the latest form of common cyberthreats
Cyber Essential Certificate: A Cybersecurity Badge
This certificate scheme most importantly acts as a certified cybersecurity badge. It assures customers that you take your own and their IT security seriously. This attracts new businesses and helps you gain insights over your organization’s cybersecurity posture. Moreover, if your organization is involved or planning to bid for central government contracts across various government departments, which involves handling sensitive and personal information or the provision of certain technical products and services, then you will mandatorily require Cyber Essentials Certification.