About the organisation
Established in 1973, Marl International Ltd is based in Cumbria. Its main focus is delivering innovative LED lighting solutions to customers based in the UK and over 50 countries around the world.
Steps to becoming Cyber Essentials certified
Marl was first drawn to the Cyber Essentials scheme after an external evaluation highlighted gaps in the company’s cyber security. On the basis that the company did not hold large customer databases, it set out to find a simple and cost-effective solution to bolster its cyber security posture. It became Cyber Essentials certified in 2015, before later upgrading to Cyber Essentials Plus.
“Cyber Essentials was not difficult to achieve. When undertaking the self-assessment, we realised we had around 90% of it covered already, and you get all of the information you need to pass. Cyber Essentials Plus goes further because it involves external assessment and we found things out during the assessment that weren’t quite right that we could then go and fix.”
Obstacles overcome
As the scheme’s requirements evolve year-on-year, Marl has needed to be responsive to those changes. But the company sees this as a positive and feels it has been able to consistently improve its security measures.
“There’s a questionnaire and audit we do in advance of re-certifying, which tells us any issues we need to resolve so we’re ready. The assessor will go through everything and tell us anything else outstanding we need to fix.”
Impact
Becoming Cyber Essentials certified has turned out to be a valuable endeavour, especially as many of Marl’s clients now require Cyber Essentials for contractual purposes.
The scheme has led to several positive and lasting differences for Marl. For example, the company has taken a proactive approach to updating software and checking for vulnerabilities. Marl has also hired an internal auditor to carry out a comprehensive scan of the company’s systems. This has allowed it to be in the best position possible when going through annual re-certification.
“We have a check up on our system every month with internal audits. We also run a vulnerability scan that goes through every machine that is switched on and does a verification check.”
Final message
Marl believes Cyber Essentials to be vital for SMEs, and since most companies cannot afford to spend thousands each year on cyber security, it represents a cost-effective solution to ensure a baseline level of protection against cyber threats.
Organisations seeking to achieve Cyber Essentials may need support achieving certification. Find free guidance and professional advice on our Help and Resources page.
Apply for Cyber Essentials here.
This case study was generated as part of the DSIT Cyber Essentials impact evaluation. To access the full evaluation, please click here.