What is Cyber Essentials?
Cyber Essentials is an annually renewable cyber security certification scheme centred around five technical controls that help protect any organisation from the most common cyber attacks.
What is the process of certifying?
Once registered, applicants complete an online self-assessment questionnaire which addresses the scope of the assessment and the five core controls. The self-assessment relies on you being able to understand the questions and know the answers. A board member or equivalent from your organisation must e-sign a declaration to confirm that all the answers are true, then a qualified external Assessor will mark the answers.
Who are the Certification Bodies?
IASME is the Government’s Cyber Essentials Delivery Partner, and responsible for delivering the scheme. This would be impossible without the network of over 350 Certification Bodies who are located all around the UK and Crown Dependencies. Certification Bodies or CBs are qualified cyber security companies who are licensed to assess whether or not an organisation meets the criteria required for Cyber Essentials certification and issue that certification. All Certification Bodies have to show they meet both security and quality requirements and employ at least one Assessor.
The Cyber Essentials Assessors
A Cyber Essentials Assessor is a cyber security expert that is trained and qualified to assess Cyber Essentials applications and issue certification. Some Assessors are also qualified to conduct audits for the Cyber Essentials Plus certification. Each Assessor must go through training and pass the relevant assessments and exams. They must work for a Certification Body.
What is the role of the Certification Bodies in the certification process?
If an organisation is preparing for the Cyber Essentials assessment, they must make a decision. Do they plan to fill in the assessment questionnaire themselves or do they need help understanding the questions and how they apply to their organisation?
Completing the Cyber Essentials assessment without a Certification Body
Free help and guidance can be found in the Cyber Essentials Knowledge Hub and the Cyber Essentials Readiness Tool.
Organisations who wish to complete the assessment by themself or with a third party who is not a licensed Certification Body can apply for just the assessment via the IASME website.
Once you have submitted your assessment for marking, a qualified Assessor will review your answers.
Completing the Cyber Essentials assessment with the support of a Certification Body
Professional cyber security advice can be found through an NCSC assured Cyber Advisor or a licensed IASME Certification Body.
Organisations can contact a Certification Body listed on the IASME website. They will often offer a package of support along with assessment and certification. The packages vary widely and it is recommended you review a number of offers.
Organisations can also find cost-effective cyber security advice and hands-on help with an NCSC Assured Cyber Advisor listed on the IASME website. Cyber Advisors will not be able to issue Cyber Essentials certification unless they are also Certification Bodies.
You can find your nearest Certification Body here Find a Certification Body – Cyber Essentials.
You can also find a full list of all Certification Bodies that deliver Cyber Essentials by visiting our Network Directory