1. Who is the Cyber Essentials accreditation designed for?
The Cyber Essentials accreditation is designed for organisations of all sizes and industries, looking to increase their cyber security knowledge and improve their data protection strategy in the event of a cyber attack.
We encourage all organisations to look at the requirements and to adapt them to their individual requirements.
2. Why should we get a Cyber Essentials accreditation?
The cyber security accreditation scheme gives organisations a greater understanding of the cyber security controls they need to have in place to strengthen their risk management abilities and reduce the risk of cybercrime creating a critical issue in the process of change management.
Organisations that have precautions in place and are good at cyber security can make this a selling point for their services, proving to customers through the Cyber Essentials certification that they take cyber security seriously.
3. Which UK government contracts will I need Cyber Essentials certification for?
From 1st January 2016, the Ministry of Defence made the Cyber Essentials scheme mandatory for all its new suppliers and their supply chain.
In July 2016, the UK Government Department of Health published a “Review of data security, consent and opt-outs” which recommended, “All health and social care organisations should provide evidence that they are taking action to improve their cyber security”.
4. When and how can I apply to this scheme?
Our scheme is now open to all organisations, here.
5. How long does the entire process take?
Anywhere from a few days to a few weeks for a small business, to several months for a large organisation, depending on the size of your business, how complex your IT system is and the level of technical controls you already have in place.
6. What’s the difference between Cyber Essentials and Cyber Essentials Plus?
The Cyber Essentials basic certification includes a self-assessment questionnaire, signed off by a senior member of the company before it’s then verified by an external certification body.
A certification from a CREST-approved body provides organisations with an extra layer of data security, as well as an external vulnerability scan.
Cyber Essentials Plus provides a more advanced level of assurance, in the form of an additional internal assessment and internal scan, conducted on-site.
7. Can we become Cyber Essentials and Cyber Essentials Plus certified?
Apply for a Cyber Essentials certification here.
Apply for a Cyber Essentials Plus certification here.
8. What happens if I fail the tests or scans?
In the event of a test failure, we allow you two working days to examine the assessor’s feedback and change any simple issues with your network and policies. You can then update your answers and they will be reassessed.
However, if you still fail after these two days, you will have to reapply and pay the assessment fee again.
9. How many of the questions do I need to get right to pass?
You need to get nearly all the questions right (compliant) to pass the Cyber Essentials assessment. You do need to be controlling all these aspects of your system to be certified.
10. If I fail will I get feedback on why I failed?
We provide feedback to all applicants.
You will get a PDF of all the answers you submitted and comments from the assessor against any that were considered non-compliant.
If you fail the assessment, this feedback should help you improve your security so you can pass in the future.
11. How quickly can I receive my Cyber Essentials certification?
It generally takes 1-3 days from submitting your application. Let us know if you have a tight deadline and we can try to fast-track your assessment.
12. How long will I have to complete and submit my assessment?
You have 6 months to complete and submit your assessment. After that, your account could be closed and you would have to restart the application process.
13. When I re-certify will I have to re-enter all of my information again?
Yes, you will need to re-enter all the information for re-certification. However, you can copy and paste most of your answers from the previous application if there haven’t been major changes in your company.
14. Will a Cyber Essentials certification stop me from getting hacked?
The short answer is no. However, when added to your company strategy it can prevent up to 80% of cyber attacks.
We see the Cyber Essentials scheme as a first, necessary step for an organisation looking to secure data protection and information security.
A Cyber Essentials certification offers a solid foundation of cyber security information, which all organisations can use and develop to greatly reduce their vulnerability to potential cyber attacks.
However, it doesn’t mean you’re completely safe from cyber attacks and organisations are encouraged to add additional measures to their cyber security and data protection strategy.