Cyber Essentials

About Cyber Essentials

Cyber Essentials is a government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

Cyber attacks cost organisations thousands of pounds and can cause huge disruption. Businesses big and small can be targets if they don’t have the proper measures in place to protect them.

Cyber Essentials shows you how to prevent the most common attacks and protect your business.

Cyber Essentials is designed to fit with whatever level or commitment you are able to sustain. There are two levels of engagement:

Cyber Essentials certification
Cyber Essentials Plus certification

There have been a number of changes to the Cyber Essentials scheme as of April 2020. The certification now has an expiry date of 12 months which encourages maintenance of controls. The Information Assurance for Small and Medium Enterprises (IASME) has now been chosen as the single accreditation body for the certifications.

Why Cyber Essentials is important

Cyber Essentials helps prevent the vast majority of cyber attacks. Even a simple virus or piece of malware could result in your business facing consequences like:

loss of company and client data
disruption to cash flow
staff time taken up trying to resolve the issue
trading delayed / stopped
damage to your hard-earned reputation
losing customers
fines or prosecution (loss of data could breach the Data Protection Act)

Self-help for Cyber Essentials

Self-help Cyber Essentials helps you familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.

Cyber Essentials recommend five technical controls that you should put in place to put you and your organisation on the path to better cyber security. The 5 controls are:

using a firewall to secure your internet connection
make sure you have the most secure settings to secure your devices and software
control access to your data and services
protect yourself from viruses and other malware
keep your devices and software up to date

You can find out more about self-help Cyber Essentials and what you can put in place today on the Cyber Essentials website.

Government of Jersey suppliers certification requirements

From January 2020, all suppliers in receipt of contracts valued at more than £25,000 must demonstrate adherence to Cyber Essentials or an equivalent standard.

These requirements apply unless the contract is subject to a specific internal exemption signed by the Treasurer of the States. Exemptions may be granted in exceptional circumstances where the information security risk is judged to be low and a supplier represents significantly better value for money than alternatives and/or where substitutes are not readily or practically available. We are committed to securing our data and promoting the adoption of robust cyber security standards by Jersey businesses.

Benefits of getting certified

Cyber Essentials can help your organisation in many ways, including:

reassuring customers that you take cyber security seriously
listing on our directory of organisations awarded Cyber Essentials
attracting new business with the promise you have cyber security measures in place
allowing you to bid for government contracts

In the future Cyber Essentials will be a mandatory requirement for suppliers of government contracts which involve handling personal information and providing some ICT products and services.

Cyber Essentials certification

Cyber Essentials

This self-assessment option gives you protection against a wide variety of the most common cyber-attacks. The certification process has been designed to be light-weight and easy to follow. Pre April 2020, this process involved organisations completing a self-assessment questionnaire, the responses of which were reviewed by an external certifying body. It also included an external vulnerability scan. This process has now changed as of April 2020 and an external vulnerability scan is no longer part of Cyber Essentials. The self-assessment will now include more 'free text' than organisations may have been used to with previous accreditation bodies, encouraging more communication between the assessor and organisation being assessed to ensure all assessment criteria are appropriately met.

Cyber Essentials Plus

The protections you need to have in place are the same as the Cyber Essentials certification, but this time the verification of your cyber security is carried out independently by a Certification Body. As of April 2020, the Cyber Essentials Plus certification also has minor changes, with more in-depth scans being carried out by the assessor to ensure internet facing technology is sufficiently covered.

How to get Cyber Essentials / Plus certification

The first step to gaining your Cyber Essentials / Plus certification is to select a Certification Body. You have the option of choosing a local certification agency or a UK agency.

Option 1 – Local certification agencies

With the April 2020 Accreditation body change, only one local company can now provide the CE certification locally.

Option 2 - UK accreditation bodies

Select a certification agency through the IASME Certification bodies on the IASME website. Read the details about each of these companies and choose one which feels like a good fit for your organisation.

It is the Certification Bodies which will perform your evaluation and award your Cyber Essentials Certificate.

Certification Expiry

If an organisation is successful in obtaining a Cyber Essentials (CE) or Cyber Essentials Plus (CE+) certification, the certification will only remain valid for a year from the date of passing. This is to encourage controls to be maintained rather than be implemented to just pass the initial assessment.

Let us know once you're certified

Organisations that are Cyber Essentials / Cyber Essentials Plus certified are listed on gov.je. Once you're certified complete our online form to let us know and you'll be added to the list.