A GUIDE TO CYBERSECURITY CERTIFICATIONS IN THE UK
www.cybersmart.co.uk
FROM CYBER ESSENTIALS TO ISO 27001
CONTENT
Cyber Security Compliance
The Cyber Essentials Scheme
Cyber Essentials Plus
ISO 27001 & Cyber Essentials
Compliance Made Easy
WELCOME TO CYBERSMART
We are the automated compliance experts, bringing technology solutions to the ever-growing area of cybersecurity compliance and certification. In this paper we explain the relationship between key certification standards.
CYBER SECURITY COMPLIANCE
Ever since the Cyber Essentials scheme launched in 2014, SMEs and large companies have used it as a way to strut their cybersecurity expertise and comply with industry regulations. Those conscientious companies that complete the scheme get themselves listed on a searchable register of certified businesses and organisations.
Unfortunately, many companies are in the dark about the Cyber Essentials scheme. According to the Cyber Security Breaches Survey 2019, only 11% of businesses are aware of the Cyber Essentials certification and what it means. That’s why we’ve created this guide to take you through the cybersecurity journey.
The truth is that the journey to cybersecurity compliance isn’t as simple as filling out an application. The road can wind from the basics of Cyber Essentials to the independent auditing of Cyber Essentials Plus. Some organisations even choose to go down the route of ISO27001 compliance.
In this guide, we’re going to cut through the noise and tell you what the Cyber Essentials scheme is, how you can get certified and help you understand whether or not certification is right for you. We’ll also look at how you can add ISO27001 to the mix.
THE CYBER ESSENTIALS SCHEME
The Cyber Essentials scheme is a cybersecurity certification that outlines the security procedures a company should have in place to keep their data secure. Firewalls, internet gateways, secure configuration, access control, malware protection, and patch management are just some of the protection measures the certification covers.
Getting certified is simple enough; you achieve certification by completing a self-assessment questionnaire and submitting it through an online portal. You also have to complete a remote technical assessment. Once you have applied, a certification body assesses and grades the application.
After completing the scheme, you will have achieved the basic Cyber Essentials certification. At this point, you’ve shown you get the basics of cybersecurity. If you really want to prove to clients that you have robust cybersecurity procedures, then you will need to be verified by an independent expert. For that you will need to complete Cyber Essentials Plus.
CYBER ESSENTIALS PLUS
Cyber Essentials Plus is the higher level of certification offered under the Cyber Essentials scheme. To achieve this certification, you need to hold an independent assessment onsite (which is conducted by a qualified auditor).
The auditor will review your cybersecurity measures and verify that your data handling skills are up to scratch. We recommend Cyber Essentials Plus to those who want a thorough assessment of their cybersecurity measures.
Deciding which certification is better depends entirely on your goals. If you’re looking to achieve certification just to get on the public register and access certain government contracts, you should opt for Cyber Essentials. However, if you want to really show your customers that data protection is a high priority and work with top-notch clients, Cyber Essentials Plus is the better option.
It is important to note that both levels have the same requirements that you need to fulfil. The difference lies in the type of assessment and the cost of paying for independent auditing to achieve the Plus certification.
You also want to consider how much you have to spend. SMEs are unlikely to have the budget to pay for an independent auditor, so unless data compliance is critical to your sector, the Cyber Essentials certification is usually sufficient.
ISO27001 AND CYBER ESSENTIALS
If you want to cover all bases, then working towards both ISO27001 and Cyber Essentials is a viable option. Just because you are ISO27001 certified doesn’t mean that you are Cyber Essentials compliant or vice versa. Becoming certified in both is an excellent option for ensuring 360-degree protection, but it requires an investment of more time.
The best way to go the 360-degree protection route is to choose one certification to implement first and then transition to the other. Don’t make the mistake of trying to do everything at once!
Which you pick first is entirely up to you. We recommend starting with Cyber Essentials as ISO27001 is more expensive to begin with because you’ll have to move from general security management procedures to more intricate cybersecurity processes.
COMPLIANCE MADE EASY WITH CYBERSMART
Trying to adapt to changing cybersecurity standards is both a challenge and an opportunity. Embrace the mindset that the Cyber Essentials scheme is an opportunity to highlight your company’s commitment to protecting client data.
At CyberSmart, we have helped many clients achieve Cyber Essentials and Cyber Essentials Plus certifications. With our mobile and desktop apps, the questionnaire is part-completed with automated reporting to speed up the process.
CyberSmart brings you same-day certification with 100% pass rate.
If you’d like to obtain your Cyber Essentials certification, please visit our website www.cybersmart.co.uk or email us on [email protected] and one of our experts will help you.
CyberSmart really helped us on our journey to achieving Cyber Essentials certification. The device compliance is a real help and their support team were always on hand to offer advice relating to both the product and the CE scheme. Once we submitted the completed application we were certified within a few hours - having this all in one place was useful.
Get in touch
145 City Road 7th Floor London
EC1V 1AW
020 7993 6990 [email protected]
www.cybersmart.co.uk
V3.0