
Security Standards

What is Cyber Essentials?
Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber attacks.

Why choose Cyber Essentials?
Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Cyber Essentials guidance is designed to prevent these attacks.

Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security for the benefit of your customers and partners.

What are the benefits of Cyber Essentials?
⦁ Reassure customers that you are working to secure your IT against cyber attack
⦁ Attract new business with the promise you have cyber security measures in place
⦁ You have a clear picture of your organisation’s cyber security level
⦁ Some Government contracts require Cyber Essentials certification

What does the Cyber Essentials scheme certify against?
The scheme covers five main technical control areas, namely:
⦁ Securing your Internet connection (firewalls and routers)
⦁ Securing your devices and software (secure configuration)
⦁ Controlling access to your data and services (access control)
⦁ Protection against viruses and other malware (malware protection)
⦁ Keeping your devices and software up to date (software updates)

How much does it cost to get Cyber Essentials certification?
The cost of Cyber Essentials (verified self-assessment) is £300 + VAT.

Where can I find additional help and advice?
Contact us for guidance, or, if you wish to have direct contact with the certification authority for Cyber Essentials, email IASME at info@iasme.co.uk or call 03300 882752.

What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials Plus is the more advanced level of certification. You cannot become Cyber Essentials Plus certified without first being Cyber Essentials certified. The five control themes are exactly the same, and must still be met, but the certification process is slightly different. Cyber Essentials Plus includes an external vulnerability scan. This means that a certification body will visit your office and conduct a test that meets the Cyber Essentials requirements. Each certification body should follow the same testing process; however, the cost will differ.

What is ISO 27001?
ISO/IEC 27001 is an international standard on how to manage information security.

What is an ISMS?
This is an Information Security Management System which provides a management framework of policies and procedures that will keep your information secure.

What are the benefits of ISO 27001?
ISO 27001 certification demonstrates that you have identified the risks, assessed the implications and put in place systemised controls to limit any damage to the organisation. Benefits include:
⦁ Increased reliability and security of systems and information
⦁ Improved customer and business partner confidence
⦁ Increased business resilience
⦁ Alignment with customer requirements
⦁ Improved management processes and integration with corporate risk strategies

What is required for ISO/IEC 27001:2013 certification?
Documenting and implementing information security-related requirements (e.g., risk assessment requirements) is only part of the job if an organisation wants to achieve certification. ISO 27001 also requires organisations to perform internal audits and management reviews, and to treat nonconformities and apply corrective actions.

How long does it take to get ISO/IEC 27001 certification?
The timing of the ISO 27001 certification process, between starting implementation and finishing the certification audit, varies according to many factors (e.g., available resources, experience with the standard’s requirements, top management involvement, etc.), but the whole process generally takes between 3 and 12 months. Some organisations perform a gap analysis against the standard’s requirements to get an idea of how much time implementation will take.

Can a person be ISO certified?
Yes. The most recognised certifications for those seeking to acquire competencies are ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, ISO 27001 Internal Auditor, and ISO 27001 Foundations.

How do I become ISO certified?
To become ISO 27001 certified, you must attend a course and pass its final exam. The ISO 27001 certification exam covers both theoretical questions and situational questions, where the candidate must demonstrate how to apply the concepts learned.

Who issues ISO 27001 certification?
Certificates for companies are issued by organisations called certification bodies, which are entities licensed by accreditation bodies to perform certification audits and assess whether a company’s Information Security Management System (ISMS) is compliant with ISO/IEC 27001.
Certifications for individuals are issued by organisations called training providers, and the most relevant courses are accredited, which guarantees that the certificates will be recognised worldwide.