Working with an external IT company
If your organisation outsources its IT to a third-party provider, you will need to instruct your IT provider to implement the Cyber Essentials controls to your network on your behalf. The IT provider will manage your network for you, however the responsibility for your network security is still yours.
To help you manage the responsibility of your cyber security, IASME has created a detailed list of questions for you to download and give to your third-party provider. Ask your IT provider to return the answers and the relevant lists to you so that you can check that your organisation meets the Cyber Essentials requirements. You can find more information here.
You should also have a Service Level Agreement (SLA) and contract with any third-party IT supplier.
It is highly recommended that you look for an IT provider that is Cyber Essentials certified. The IT Managed Services directory has over 170 Scottish companies who provide IT Managed Services, and will easily identify those that are both cyber resilient themselves through the Cyber Essentials programme, while also showing providers who offer vital security services.
If you need to refer to the requirements, all supporting documentation for the scheme can be found on the NCSC website.