About Cyber Essentials
Cyber Essentials is a government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.
Cyber attacks cost organisations thousands of pounds and can cause huge disruption. Businesses big and small can be targets if they don’t have the proper measures in place to protect them.
Cyber Essentials shows you how to prevent the most common attacks and protect your business.
Cyber Essentials is designed to fit with whatever level of commitment you are able to sustain. There are two levels of engagement:
- Cyber Essentials certification
- Cyber Essentials Plus certification
There have been a number of changes to the Cyber Essentials scheme as of April 2020. The certification now has an expiry date of 12 months, which encourages maintenance of controls. Information Assurance for Small and Medium Enterprises (IASME) has now been chosen as the single accreditation body for the certifications.
Why Cyber Essentials is important
Cyber Essentials helps prevent the vast majority of cyber attacks. Even a simple virus or piece of malware could result in your business facing consequences like:
- loss of company and client data
- disruption to cash flow
- staff time taken up trying to resolve the issue
- trading delayed / stopped
- damage to your hard-earned reputation
- losing customers
- fines or prosecution (loss of data could breach the Data Protection Act)
Self-help for Cyber Essentials
Self-help Cyber Essentials helps you familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.
Cyber Essentials recommends five technical controls that you should put in place to put you and your organisation on the path to better cyber security. The 5 controls are:
- use a firewall to secure your internet connection
- make sure you have the most secure settings for your devices and software
- control access to your data and services
- protect yourself from viruses and other malware
- keep your devices and software up to date
You can find out more about self-help Cyber Essentials and what you can put in place today on the Cyber Essentials website.
Government of Jersey suppliers certification requirements
From January 2020, all suppliers in receipt of contracts valued at more than £25,000 must demonstrate adherence to Cyber Essentials or an equivalent standard.
These requirements apply unless the contract is subject to a specific internal exemption signed by the Treasurer of the States. Exemptions may be granted in exceptional circumstances where the information security risk is judged to be low and a supplier represents significantly better value for money than alternatives and/or where substitutes are not readily or practically available. We are committed to securing our data and promoting the adoption of robust cyber security standards by Jersey businesses.
Benefits of getting certified
Cyber Essentials can help your organisation in many ways, including:
- reassuring customers that you take cyber security seriously
- listing on our directory of organisations awarded Cyber Essentials
- attracting new business with the promise you have cyber security measures in place
- allowing you to bid for government contracts
In the future, Cyber Essentials will be a mandatory requirement for suppliers of government contracts which involve handling personal information and providing some ICT products and services.
Cyber Essentials certification
This self-assessment option gives you protection against a wide variety of the most common cyber attacks. The certification process has been designed to be lightweight and easy to follow. Before April 2020, this process involved organisations completing a self-assessment questionnaire, the responses to which were reviewed by an external certifying body. It also included an external vulnerability scan. This process changed in April 2020, and an external vulnerability scan is no longer part of Cyber Essentials. The self-assessment will now include more 'free text' than organisations may have been used to with previous accreditation bodies, encouraging more communication between the assessor and the organisation being assessed to ensure all assessment criteria are appropriately met.
Cyber Essentials Plus
The protections you need to have in place are the same as for the Cyber Essentials certification, but this time the verification of your cyber security is carried out independently by a Certification Body. As of April 2020, the Cyber Essentials Plus certification also has minor changes, with more in-depth scans being carried out by the assessor to ensure internet-facing technology is sufficiently covered.
How to get Cyber Essentials / Plus certification
The first step to gaining your Cyber Essentials / Plus certification is to select a Certification Body. You have the option of choosing a local certification agency or a UK agency.
Option 1 – Local certification agencies
Following the April 2020 accreditation body change, only one local company can now provide the CE certification.
Option 2 - UK accreditation bodies
Select a certification agency through the IASME Certification bodies on the IASME website. Read the details about each of these companies and choose one which feels like a good fit for your organisation.
It is the Certification Bodies which will perform your evaluation and award your Cyber Essentials Certificate.
If an organisation is successful in obtaining a Cyber Essentials (CE) or Cyber Essentials Plus (CE+) certification, the certification will only remain valid for a year from the date of passing. This is to encourage controls to be maintained rather than implemented just to pass the initial assessment.
Let us know once you're certified
Organisations that are Cyber Essentials / Cyber Essentials Plus certified are listed on gov.je. Once you're certified, complete our online form to let us know and you'll be added to the list.
Register your company's Cyber Essentials and Cyber Essentials Plus certification