The Department for Business, Innovation and Skills (BIS) officially have developed a new Cyber Essentials scheme which launched on 4th June, 2014. The two part scheme is based on The 10 Steps to Cyber Security, as the government realised that the 10 Steps were not being implemented effectively. Completion of the scheme leads to certification to illustrate a basic level of cyber hygiene.

The first of two parts to the scheme provide a set of five controls, the implementation of which can provide basic cyber security and a significant reduction in an organisation’s vulnerability. In order to demonstrate an organisation’s compliance, self-assessments alongside external verification against the five criteria are required.

The five key controls are:

  • Boundary firewalls and internet gateways– This ensures no unauthorised access is allowed in or out of private networks.
  • Secure configuration- Ensuring all systems and configured correctly and appropriately
  • Access control- Only authorised persons have access to systems necessary and at the appropriate level
  • Malware protection- Ensuring virus and malware protection is installed and updated
  • Patch management- ensuring the applications are updated with the latest versions and all patches supplied by the vendor have been applied.

The second part of the scheme, Cyber Essentials Plus, requires more external assessments to analyse the organisation’s cyber resilience but offers higher assurance.  Benefits of the Cyber Essentials certification include opportunities to tender for organisations that require a Cyber Essentials certified company; improving reputation and customer trust in the company; and can also reduce insurance premiums.

How do I get a Cyber Essentials badge for my company?

To complete the Cyber Essentials certification, visit the accrediting bodies’ websites for more information.


Written by Jenny Lam