According to the UK Government, 80% of cyber-attacks could be prevented if organisations put simple cyber security controls in place.
The scheme identifies fundamental security controls that organisations should have in place to secure themselves against common cyber threats.
The benefits of becoming Cyber Essentials certified
Cyber Essentials Packages
There are two types of Cyber Essentials certification – Basic (stage 1) and Plus (stage 2):
Cyber Essentials Basic
- Demonstrate Your Commitment to Security
- Assessment by cyber security experts
- Reassure customers your IT is secure against cyber attacks
- Attract new business with the promise you have cyber security in place
- A clear picture of your organisation’s cyber security level
Cyber Essentials PLUS
- All Cyber Essentials Basic features
- On-site security vulnerability assessment
- Meet security requirements of advanced government contracts
- Includes Cyber Essentials self-assessment
- Report highlighting any major scheme non-compliances
- Full assessment report and Cyber Essentials Plus certificate issued
Cyber Essentials Plus also includes authenticated vulnerability scans of the organisation’s workstations and mobile devices. This additional phase of testing increases the validity of the certification considerably by providing evidence of compliance against the following scenarios:
- Can malicious files enter the organisation from the Internet through either web traffic or email messages?
- Should malicious content enter the organisation, how effective are the anti-virus and malware protection mechanisms?
- Should the organisation’s protection mechanisms fail, how likely is it that the organisation will be compromised due to failings in the patching of the organisation’s workstations?
The Plus certification is a more thorough assessment of the organisation and, as a result, may provide greater security assurance.
Cyber Essentials Basic is included as part of the Cyber Essentials Plus certification, so there is no need to purchase the Basic certification if you are going straight for the Plus.
This depends on the certification body that you used for the Basic assessment and how recent the certification is. However, in most cases we can use the questionnaire already completed without having to start again. We offer upgrade paths at a discounted cost if you already hold the Basic certification.
For Basic certifications we will perform a retest free of charge once you have rectified any issues.
For Plus certifications we will reassess the questionnaire and re-run the external vulnerability scan free of charge. However, we will need to charge if we need to revisit your premises to re-run the internal assessment.
Certifications do not expire. However, it is recommended to re-certify every 12 months to ensure your environment and processes are secure.
Once you have obtained your certification from Armadillo Sec, you will receive the following:
- PDF of your certificate
- Compliance report – this details all findings and, if any issues exist, includes recommendations on how to resolve them
- Colour and black-and-white high-resolution logos for use on your website or marketing materials
- Logo branding guidelines – guidelines on how to use the logos
Additionally, Armadillo Sec will provide you with our exclusive certification pack so that you can display your certification status and your commitment to cyber security. This includes:
- High-resolution printed certificate
- Congratulations letter
- Cyber Essentials sticker pack
All Cyber Essentials certifications require organisations to complete a questionnaire to self-certify on the organisation’s security controls and configurations. However, CREST Certifying Bodies also conduct a remote vulnerability scan to validate elements of the questionnaire.
Absolutely, the assessment is not just limited to Microsoft Windows operating systems. If your end users are using Apple Macs or Linux, then you can achieve the certification.
If you have multiple UK or even global offices, you can certify just one office or just the UK office if you wish. The certification scope is then limited to that one office, and the certificate would state the office that is certified rather than the entire company.