Certification

Demonstrating that your business takes security seriously

Demonstrating that you take digital security seriously is good for client and customer confidence and could be a differentiator between you and a competitor.

Getting the cyber basics right is therefore essential if you operate your business online.

Most cyber crime is not targeted. It simply takes advantage of connectivity to cast a global net in the hope of hooking a victim. Within this large untargeted market, it is estimated that around 80% of attacks can be prevented by getting 5 critical controls in place.

Cyber Essentials

Organisations looking to improve their cyber security and protect themselves from the most common cyber attacks should look to achieve Cyber Essentials. This simple and effective scheme will assess your organisation against five basic security controls. These controls will immediately strengthen your cyber defences against internet-based attacks.

The Cyber Essentials scheme is available as a self-assessment questionnaire or as an audited version (Cyber Essentials Plus). Cyber Essentials Plus provides a greater level of assurance following additional hands-on technical verification of your cyber security by independent professionals.

The Cyber Essentials Readiness Tool helps you meet Cyber Essentials requirements. The tool includes questions related to the main Cyber Essentials criteria and provides tailored advice to prepare you for certification.

More information on Cyber Essentials

Why should you get certification?

  • Reassure customers that you take cyber security seriously
  • Better understand your organisation’s cyber security level
  • Some Government contracts require Cyber Essentials certification

Selecting a Certification Body

Certifying Bodies are professional companies that have been licensed to deliver Cyber Essentials assessments and offer consultancy services to help organisations achieve the certification.

For organisations looking to develop beyond the basics of cyber resilience, there are a number of additional support routes, including:

Working with an external IT company

If your organisation outsources its IT to a third-party provider, you will need to instruct your IT provider to implement the Cyber Essentials controls on your network on your behalf. The IT provider will manage your network for you; however, the responsibility for your network security is still yours.

To help you manage the responsibility of your cyber security, IASME has created a detailed list of questions for you to download and give to your third-party provider. Ask your IT provider to return the answers and the relevant lists to you so that you can check that your organisation meets the Cyber Essentials requirements. You can find more information here.

You should also have a Service Level Agreement (SLA) and contract with any third-party IT supplier.

It is highly recommended that you look for an IT provider that is Cyber Essentials certified. The IT Managed Services directory lists over 170 Scottish companies who provide IT Managed Services. It makes it easy to identify those that are cyber resilient themselves through the Cyber Essentials programme, and it also shows providers who offer vital security services.

If you need to refer to the requirements, all supporting documentation for the scheme can be found on the NCSC website.

Cyber Essentials – Trusted Partner

A list of companies based and operating in Scotland that have been accredited nationally as ‘certifying bodies’ for Cyber Essentials. The Scottish Business Resilience Centre (SBRC) has worked with Cyber Essentials Certifying Bodies based and operating in Scotland to support […]
