A GUIDE TO CYBERSECURITY CERTIFICATIONS IN THE UK www.cybersmart.co.uk FROM CYBER ESSENTIALS TO ISO 27001

CONTENT

Cyber Security Compliance

The Cyber Essentials Scheme

Cyber Essentials Plus

ISO 27001 & Cyber Essentials

Compliance Made Easy

WELCOME TO CYBERSMART

We are the automated compliance experts, bringing technology solutions to the ever growing area of cybersecurity compliance and certification. In this paper we explain the relationship between key certification standards.

CYBER SECURITY COMPLIANCE

Ever since the Cyber Essentials scheme launched in 2014, SMEs and large companies have used it as a way to strut their cybersecurity expertise and comply with industry regulations. Those conscientious companies that complete the scheme get themselves listed on a searchable register of certified businesses and organisations.

Unfortunately, many companies are in the dark about the Cyber Essentials scheme. According to the Cyber Security Breaches Survey 2019, only 11% of businesses are aware of the Cyber Essentials certification and what it means. That’s why we’ve created this guide to take you through the cybersecurity journey.

The truth is that the journey to cybersecurity compliance isn’t as simple as filling out an application. The road can wind from the basics of Cyber Essentials to the independent auditing of Cyber Essentials Plus. Some organisations even choose to go down the route of ISO27001 compliance.

In this guide, we’re going to cut through the noise and tell you what the Cyber Essentials scheme is and how you can get certified, and help you understand whether or not certification is right for you. We’ll also look at how you can add ISO27001 to the mix.

THE CYBER ESSENTIALS SCHEME

The Cyber Essentials scheme is a cybersecurity certification that outlines the security procedures a company should have in place to keep its data secure. Firewalls, internet gateways, secure configuration, access control, malware protection, and patch management are just some of the protection measures the certification covers.

Getting certified is simple enough; you achieve certification by completing a self-assessment questionnaire and submitting it through an online portal. You also have to complete a remote technical assessment. Once you have applied, a certification body assesses and grades the application.

After completing the scheme, you will have achieved the basic Cyber Essentials certification. At this point, you’ve shown you get the basics of cybersecurity. If you really want to prove to clients that you have robust cybersecurity procedures, then you will need to be verified by an independent expert. For that you will need to complete Cyber Essentials Plus.

CYBER ESSENTIALS PLUS

Cyber Essentials Plus is the higher level of certification offered under the Cyber Essentials scheme. To achieve this certification, you need to undergo an independent onsite assessment, conducted by a qualified auditor.

The auditor will review your cybersecurity measures and verify that your data handling skills are up to scratch. We recommend Cyber Essentials Plus to those who want a thorough assessment of their cybersecurity measures.

Deciding which certification is better depends entirely on your goals. If you’re looking to achieve certification just to get on the public register and access certain government contracts, you should opt for Cyber Essentials. However, if you want to really show your customers that data protection is a high priority and work with top-notch clients, Cyber Essentials Plus is the better option.

It is important to note that both levels have the same requirements that you need to fulfil. The difference lies in the type of assessment and the cost of paying for independent auditing to achieve the Plus certification.

You also want to consider how much you have to spend. SMEs are unlikely to have the budget to pay for an independent auditor, so unless data compliance is critical to your sector, the Cyber Essentials certification is usually sufficient.

ISO27001 AND CYBER ESSENTIALS

If you want to cover all bases, then working towards both ISO27001 and Cyber Essentials is a viable option. Just because you are ISO27001 certified doesn’t mean that you are Cyber Essentials compliant or vice versa. Becoming certified in both is an excellent option for ensuring 360-degree protection, but it requires an investment of more time.

The best way to go the 360-degree protection route is to choose one certification to implement first and then transition to the other. Don’t make the mistake of trying to do everything at once!

Which you pick first is entirely up to you. We recommend starting with Cyber Essentials as ISO27001 is more expensive to begin with because you’ll have to move from general security management procedures to more intricate cybersecurity processes.

COMPLIANCE MADE EASY WITH CYBERSMART

Trying to adapt to changing cybersecurity standards is both a challenge and an opportunity. Embrace the mindset that the Cyber Essentials scheme is an opportunity to highlight your company’s commitment to protecting client data.

At CyberSmart, we have helped many clients achieve Cyber Essentials and Cyber Essentials Plus certifications. With our mobile and desktop apps, the questionnaire is part-completed with automated reporting to speed up the process.

CyberSmart brings you same-day certification with a 100% pass rate.

If you’d like to obtain your Cyber Essentials certification, please visit our website www.cybersmart.co.uk or email us on [email protected] and one of our experts will help you.

CyberSmart really helped us on our journey to achieving Cyber Essentials certification. The device compliance is a real help and their support team were always on hand to offer advice relating to both the product and the CE scheme. Once we submitted the completed application we were certified within a few hours - having this all in one place was useful.

Get in touch

145 City Road 7th Floor London

EC1V 1AW

020 7993 6990 [email protected]

www.cybersmart.co.uk

V3.0