Cyber Advisor (Cyber Essentials) Scheme
The new NCSC scheme to help organisations of all sizes access consistent, high quality cyber security advice.
On this page please find the following sections:
Reputable expert support for organisations of all sizes
In the past, organisations seeking help from an NCSC approved cyber security expert tended to be very large and complex or be from the defence, security or banking industries or part of the critical national infrastructure. If your requirements are complex, or you operate in a nationally critical sector, see the NCSC Assured Cyber Security Consultancy scheme pages.
Today, expedited by the pandemic, the widespread adoption of digital technology for products and services has made basic cyber security essential to every business that connects to the internet. Accessibility to this protection contributes to the national security of the UK. Consequently, the NCSC aims to extend its reach to offer a trusted source of cyber security advice to a wider range of organisations.
Despite a growing emphasis on cyber security, many organisations often find it hard to choose the right help to meet current guidance. The Cyber Advisor scheme aims to ensure the understanding and application of trusted cyber security advice.
How it works
Cyber Advisors will initially focus on helping organisations to implement the five Cyber Essentials Technical Controls. This service will be known as Cyber Advisor (Cyber Essentials). The name includes Cyber Essentials in order to differentiate them from any future assured Cyber Advisors assisting small organisations in other areas of cyber security.
The Cyber Essentials standard has been adopted because the NCSC recognises this as a good baseline standard that defends against a range of commonly experienced cyber attacks, including ransomware attacks.
Cyber Advisors (Cyber Essentials) can help organisations assess the gap between their current cyber security stance, and that achieved by implementing the Cyber Essentials technical controls. This service is tailored towards small and medium sized organisations and the Advisors have all been assessed not just on their technical knowledge, but also their ability to work specifically with small organisations.
With the specific needs of an individual business in mind, Cyber Advisors can provide hands-on support to help the organisation take recommended actions.
An organisation will be helped to meet the Cyber Essentials technical controls, however, they do not necessarily need to be aiming for Cyber Essentials certification. The advice offered by Cyber Advisors will help prepare an organisation should they wish to certify, in which case, they will need to apply through a Cyber Essentials Certification Body.
Cyber Advisors can help organisations by:
- Conducting Cyber Essentials gap analysis to assess the organisations internet-facing IT, identifying where it fails to meet the Cyber Essentials controls
- Developing reports on the status of the organisation’s Cyber Essentials controls i.e. detailing the requirements that are met and those that are not; describing why controls are not met and the risks the organisation is exposed to; recommended actions to take
- Working with the business to agree remediation activities
- Planning remediation activities that align to the risk and business priorities
- Implementing remediation activities – or guide technical teams to do so – sympathetically to operational activities
- Developing and presenting post-engagement reports summarising the engagement and detailing any remediation work completed, pointing out any residual risk with recommendations for reducing those risks
Find a Cyber Advisor
Any organisation can find a qualified and approved Cyber Advisor working within companies assured by the NCSC. This makes it simple for organisations that are starting out on their cyber security journey to benefit from expert skills and advice offered by qualified individuals.
How to select a Cyber Advisor
When choosing a provider, you may wish to consider whether they have the relevant experience in the sector you operate in, or in the technology that you use.
There is no recommended price for assured Cyber Advisors to charge. Each job will vary dependent upon the size of your organisation and the complexity of your IT.
All Cyber Advisors have passed an independent assessment which measured their:
- knowledge and understanding of the Cyber Essentials’ technical controls
- competence in providing practical, hands-on support
- ability to understand and work with small and medium sized organisations
All Cyber Advisors must work for a company which has met the NCSC’s standards and been accepted as an Assured Service Provider. Customers are assured that the advice they receive can be trusted.
Displaying results for: Cyber Advisor Scheme
| Company Name | Location |
|---|---|
| iTeam Solutions Ltd | Mead Lane, Saltford, Bristol, BS31 3ER |
| CSIQ Limited | CSIQ Limited, Stansted Park, Rowlands Castle, Hampshire, PO9 6DX |
| 10Steps Ltd | 80 Castlefield's Drive, Rastrick, West Yorkshire, England, HD6 3XF |
| Consider IT | Waterview House, 37 Shore, Edinburgh, Midlothian, EH6 6QU |
| Optimising IT | Twigworth Court Business Centre, Gloucester, Gloucestershire, GL2 9PG |
| Guardian Saints Community Interest Co | Eagle House, Cranleigh Close, South Croydon, Surrey, CR2 9LH |
| Achilles Systems Ltd | 167-169 Great Portland Street 5th Floor, London, London, W1W 5PF |
| CyberSecure365 | 27 Old Gloucester Street, London, WC1N 3AX |
| Aggress Ltd (CyberAggress) | Marathon House, Olympic Business Park, Drybridge Road, Dundonald, Ayrshire, KA2 9AE |
| Waterstons Ltd | Durham, Glasgow and London |
| Closed Door Security LTD | 34B Bayhead, Stornoway, HS1 2DX |
| Blunt Security Limited | 6 Trinity Place, Midland Drive, Sutton Coldfield, West Midlands, B72 1TX |
| CYFOR | Benjarron House, Greenside Way, Middleton, M24 1SW |
| Spritzmonkey Limited | Church Side Suite 1, Church Road Business Centre, Church Road, Brightlingsea, Colchester, Essex, CO7 0GG |
| Bulletproof | Unit H, J and K, Gateway 1000, Whittle Way, Stevenage, Hertfordshire, SG1 2FP |
| Arculus Cyber Security | Manchester |
| KIT365 Ltd | KIT365 Ltd, 1st Floor, Gateway House, 4 Penman Way, Leicester, LE19 1SY |
| Ascentor Ltd | Quedgeley, Gloucester, GL2 2AQ |
| 3CT Security Ltd | Malvern Hills Science Park, Geraldine Road, Malvern, Worcestershire, WR14 3SZ |
| Cool Waters Cyber | Tremough Innovation Centre, Penryn, Cornwall, TR10 9TA |
How to become a Cyber Advisor
The Cyber Advisor scheme provides small and medium sized organisations with reliable and cost effective cyber security advice and practical support.
The scheme allows the NCSC to recommend independently assured organisations to consumers, so they can have confidence in buying cyber security advice. For those providers already doing this type of work, the Cyber Advisor scheme aims to recognise your competence.
To become a Cyber Advisor (Cyber Essentials), you will need to pass the Advisor exam (Certificate of Competence in Cyber Essentials Implementation) and provide IASME with that evidence. You will then be required to sit an online induction training course. The course will take you through the essential elements of the scheme and be followed by a simple test of understanding.
You can find more information on the Advisor exam on the Cyber Scheme webpage.
Please note, all Cyber Advisors (Cyber Essentials) must be based in the UK or Crown Dependencies.
Once an individual has successfully passed the Cyber Advisor (Cyber Essentials) exam, the company they work for can become an NCSC Assured Service Provider.
Requirements to become an Assured Service Provider
All Advisors need to be part of an Assured Service Provider organisation to be able to carry out Advisor services.
All Assured Service Providers have to show they meet both security and quality requirements.
They can do this by holding one of these security certifications.
- UKAS-accredited ISO 27001 certification
- Audited IASME Cyber Assurance (Level 2) certification
They also need to hold one of these quality requirements:
- UKAS-accredited ISO 9001 certification
- IASME Quality Principles alongside an IASME Cyber Assurance (Level 2) certification
- QG Quality Fundamentals+ certification
An NCSC Assured Service Provider must also:
- Provide independently verified evidence that they have achieved and maintain Cyber Essentials
- Sign and return the associated contract
- Employ at least one individual who has passed the Cyber Advisor assessment
- Pay an annual subscription fee
If your company is interested in becoming an NCSC Assured Service Provider, please contact us at [email protected]. Your professionalism, expertise and attitude is more important to us than size and we are happy to licence to companies of all sizes.
Frequently Asked Questions
Why are we launching the Cyber Advisor scheme?
Despite a growing emphasis on cyber security, many organisations often find it hard to choose the right help to meet current guidance – they don’t know who to trust, or fear they will over-pay or be sold more than they need. The Cyber Advisor scheme aims to ensure the understanding and application of trusted cyber security advice at a proportionate price.
Why does the Cyber Advisor service centre around the 5 Cyber Essentials controls ?
Does implementing Cyber Advisor advice lead to Cyber Essentials certification?
Organisations looking for advice do not need to be aiming for Cyber Essentials certification. The advice offered by Cyber Advisors will prepare you for certification. However, Cyber Advisors cannot issue Cyber Essentials certification (unless they are also a Cyber Essentials Certification Body assessor), so organisations will still need to apply for Cyber Essentials certification separately.
What is the difference between a Cyber Essentials Certification Body and a Cyber Advisor Assured Service Provider?
A Cyber Essentials Certification Body can assess if an organisation meets the criteria required for Cyber Essentials certification and issue that certification – something a Cyber Advisor cannot do unless their organisation is also a Cyber Essentials Certification Body.
How do I get help from a Cyber Advisor?
What are the requirements to become a Cyber Advisor Assured Service Provider?
- Have independently verified evidence that they have achieved and maintain Cyber Essentials certification
- Have good cyber security and can keep client data secure
- Be committed to achieving an excellent and consistent client experience by using a quality management system.
An annual subscription fee will also be charged.
Full details of the requirements to be an Assured Service Provider can be seen here.
What are the benefits of being a Cyber Advisor? Why become one?
The Cyber Advisor scheme allows the NCSC to recommend independently assured organisations that can help their customers implement a baseline level of cyber security. By creating a trusted ecosystem, consumers will know better who to engage and what to expect. Furthermore, for those already doing this work, the Cyber Advisor scheme aims to recognise their competence.
How much will Cyber Advisors charge?
What is the cost for firms to become a Cyber Advisor?
Annual fee of £600 per organisation, and £250 per advisor. There will also be a one-off onboarding charge of £250.
What is the cost to take the Cyber Advisor assessment?
The cost to take the Cyber Advisor assessment can be found on the Cyber Scheme webpage. The assessment will remain valid for three years. After three years a resit will be required.
Where can I get more information?
For more information, please contact IASME at [email protected]
Find Out More
Have a look at our Frequently Asked Questions or speak to our team