The UK Government continues in its mission to make the UK "one of the safest places to live and do business online", and at the forefront of this mission is the Cyber Essentials programme. This initiative gives businesses the opportunity to be tested and accredited for their adherence to cyber security, a status worth having for any business with an online presence.
The two certifications available – Cyber Essentials and Cyber Essentials Plus – are voluntary accreditations which demonstrate that the applying business meets government standards on cybersecurity. While both are reviewed by an external certifying body – such as Mirus – only Cyber Essentials Plus incorporates a full systems review, providing the highest level of accreditation available.
As part of improving the Cyber Essentials scheme, the government is making some changes to the way Cyber Essentials is managed. The hope is that the following changes will make Cyber Essentials healthier, more relevant, and more conducive to a genuine, nationwide cybersecurity standard.
The Cyber Essentials scheme is made up of 5 accreditation bodies (one of which, IASME, is the accreditation body for Mirus’s own Cyber Essentials offerings). Each of these oversees a number of certification bodies, such as Mirus. Certification bodies are trained and licensed to certify against the Government’s Cyber Essentials Scheme – they’re the people who review a business’s IT setup and award the accreditation accordingly.
Under the new scheme, there will be only one accreditation body. The existing 5 will continue to operate; however, from April 1st 2020, none will be taking on any new certification bodies.
For businesses, this streamlines the accreditation experience and ensures that there is a unified standard for cybersecurity – not 5 slightly variable ones.
Finally, and perhaps most crucially, all Cyber Essentials certificates from next year onwards will have a 12-month expiry date, encouraging all accredited businesses to recertify regularly.
I’m Applying for my Accreditation – How does this Affect me?
Right now, it doesn’t. The five existing accreditation bodies will still be relevant, and their technical standards will remain as they are. If you’re looking to apply for your Cyber Essentials or Cyber Essentials Plus certification, there’s no reason to delay any longer.
A Cyber Essentials accreditation not only confirms that your IT infrastructure is secured to a government-approved standard; it also helps you to identify and amend any lingering technical issues that are crippling your operations, compromising your cyber security or hindering an effective backup and disaster recovery strategy.
Furthermore, with an IT infrastructure that meets government standards, you can be sure that your business is operating to the strict regulations of the GDPR. This means that even if your business were to suffer a data breach, you’re far less likely to be penalised for inadequate data defences.
If you're looking to apply for a Cyber Essentials or Cyber Essentials Plus certification, Mirus offers three package options designed to assist businesses on their journey to full accreditation.