Supply Chain Assurance
Simplify and consolidate security review processes with a recognised cyber security certification
Ensure your supply chain security is affordable and achievable for organisations of all sizes
Gain confidence that your suppliers have effectively implemented fundamental technical controls
A cyber breach in your supply chain can have devastating effects on your business.
Secure your supply chain with government-backed certification scheme, Cyber Essentials.
Managing supply chains threats
Your organisation will invariably rely upon partners, suppliers and other third parties to deliver products, systems, and services that will interact with your IT network and company data. These suppliers, in turn, will rely on a network of their own suppliers, and so in this way, a connected web of interdependency across numerous organisations is established, each layer introducing new risks to every organisation within that supply chain.
A security gap in the systems of a third party somewhere in the supply chain may undermine your cyber security, no matter how good it is. With digital supply chains become increasingly complex, organisations today are only as safe as the security of their trusted partners and suppliers. Cyber Essentials certification is an effective tool for helping organisations manage the risks of cyber threats in their supply chain.
What is Cyber Essentials?
Cyber Essentials is a government-approved, annually-renewable, cyber security certification. It is centred around five technical controls that will, if implemented correctly, protect any organisation from the majority of common internet-based cyber attacks including ransomware.
According to insurance data, organisations that have a current Cyber Essentials certification are 92% less likely to make a cyber insurance claim that one without. Now widely recognised as an industry standard, Cyber Essentials provides an up-to-date, affordable, and effective means for organisations to gain confidence that their suppliers, or other third parties, have effectively implemented fundamental technical controls.
If you need to achieve Cyber Essentials and would like support achieving certification, visit our Help & Resources page.
Cyber Essentials as a supply chain tool
Cyber Essentials provides a tangible way for organisations to gain confidence that their suppliers, or other third parties, have effectively implemented fundamental technical controls that can protect against the majority of untargeted, commodity attacks. Requiring certification can play an important role as an assurance tool to help organisations gain confidence in their suppliers and increase visibility into their supply chains.
IASME Supplier Check
The IASME Supplier Check is a platform created for large organisations to check the Cyber Essentials and Cyber Essentials Plus certification of large numbers of their suppliers and contractors.
This tool is solely for the use of checking certification within a supply chain and organisations wishing to use it must go through a verification process and pay an annual fee.
To apply for the Supplier Check, please click below.
Benefits of using Cyber Essentials as a supply chain tool
A Cyber Essentials certificate demonstrates that a supplier has technical controls in place to protect them from common attacks; other standards or certifications do not necessarily provide this specific assurance.
Though there is a cost attached to achieving Cyber Essentials, it is comparatively inexpensive. Other certification schemes are significantly more costly, thus making them unattainable for many organisations.
Requiring evidence of standardised minimum expectations reduces the time spent assessing suppliers. It is also helpful for the suppliers themselves, who benefit from clear, tangible expectations rather than responding to long and complex or duplicate questionnaires.
Any organisation from any geography can get Cyber Essentials, making it a useful tool in gaining confidence in the cyber security of global suppliers.
Verify Cyber Essentials certifications across your supply chain
The Cyber Essentials Supplier Check Tool allows organisations to drop a large list of suppliers into a bespoke search function and find out which suppliers are certified to either Cyber Essentials or Cyber Essentials Plus.
Securing your supply chain with Cyber Essentials
Organisations who require their suppliers or other third parties to have Cyber Essentials are proven to reduce the number of cyber incidents across their network.
One of the UK’s largest pensions & life companies, St. James’s Place asked its partnership network of over 2,800 independent businesses to certify to Cyber Essentials Plus.
“In such a large supply chain, this had its challenges, but the decision is already showing a positive impact. Security incident numbers have significantly reduced… we have seen around 80% reduction in cyber security incidents, which directly correlates to controls and best practice implemented through Cyber Essentials.”
Matthew Smith, Divisional Director of Cyber Security, St. James’s Place
Further information and guidance
How to check who has Cyber Essentials in your supply chain
Embed Cyber Essentials in your supply chain
How to introduce Cyber Essentials into your supply chain
What are the benefits of requiring your suppliers to have Cyber Essentials?
A Chronicle of High-Profile, Supply Chain Cyber Attacks
