We are often asked about the differences between the Cyber Essentials and Cyber Essentials PLUS standards, and which level to choose.
In some circumstances the level you are required to hold is dictated by a tender, especially with Government contracts, where the level depends on the risk associated with the particular contract. But for everyone else, here’s a brief rundown of the two levels of certification.
Cyber Essentials is a security standard designed to mitigate the most common cyber attacks. University of Lancaster research has shown that, with Cyber Essentials controls in place, 99% of the common attacks they tested against were either fully mitigated (69.2%) or partially mitigated (29.8%). There is a set list of requirements that your organisation must meet, as published by the National Cyber Security Centre (part of GCHQ).
Cyber Essentials (basic) is a self-certification that is assessed by companies such as ours to validate the answers. This means that you’re asked to supply answers to a questionnaire (with evidence) through our online portal. Assessment at this level is simply a pass or fail, with feedback given on areas of non-compliance.
Cyber Essentials PLUS builds on the self-certification questionnaire: it is an independently audited test of the controls required by the ‘basic’ level, along with an internal and external vulnerability scan. This means that we, as a certification body, will visit your offices and perform a test that is in line with the Cyber Essentials requirements. Every certification body will have the same test process; however, the costs may vary.
The vulnerability scan will identify unpatched or unsupported software, open ports and incorrect firewall configurations, all elements that, at the basic level, you must answer from your own working knowledge of your IT systems.
That can really only be answered by your motivations for gaining the accreditation: are you doing it, as we said at the start, as part of a tender requirement, or are you just looking to check your business has the basics in place?
Southern IT Networks provides technology advice, support and management for SMEs, with specialisation in regulated industries, Office365 & Azure.