Demonstrating that your business takes security seriously

Demonstrating that you take digital security seriously is good for client and customer confidence and could be a differentiator between you and a competitor.

Getting the cyber basics right is therefore essential if operating your business online. 

Most cyber crime is not targeted. It simply takes advantage of the connectivity to cast a global net in the hope of hooking in a victim. Within this large untargeted market it is estimated that around 80% off attacks can be prevented by getting 5 critical controls in place. 


Cyber Essentials

Organisations looking to improve their cyber security and protect themselves from the most common cyber attacks should look to achieve Cyber Essentials. This simple and effective scheme will assess your organisation against five basic security controls. These controls will immediately strengthen your cyber defences against internet based attacks.

The Cyber Essentials scheme is available as a self- assessment questionnaire or as an audited version (Cyber Essentials Plus). Cyber Essentials Plus provides greater level of assurance following additional hands-on technical verification of your cyber security by independent professionals.

More information on Cyber Essentials

Why should you get certification?

  • Reassure customers that you take cyber security seriously
  • Attract new business with the assurance that you have cyber security measures in place
  • Better understand your organisation’s cyber security level
  • Some Government contracts require Cyber Essentials certification
Section Get ready for Cyber Essentials

Get ready for Cyber Essentials

The Cyber Essentials Readiness Tool helps you meet Cyber Essentials requirements. The tool includes questions related to the main Cyber Essentials criteria and provides tailored advice to prepare you for certification.


Selecting a Certification Body

Certifying Bodies are professional companies that have been licensed to deliver Cyber Essentials assessments and offer consultancy services to help organisations achieve the certification.

For organisations looking to develop beyond the basics of cyber resilience, there are a number of additional support routes, including:

Section Working with an external IT company

Working with an external IT company

If your organisation outsources its IT to a third-party provider, you will need to instruct your IT provider to implement the Cyber Essentials controls to your network on your behalf.  The IT provider will manage your network for you, however the responsibility for your network security is still yours.

To help you manage the responsibility of your cyber security, IASME has created a detailed list of questions for you to download and give to your third-party provider. Ask your IT provider to return the answers and the relevant lists to you so that you can check that your organisation meets the Cyber Essentials requirements. You can find more information here.

You should also have a Service Level Agreement (SLA) and contract with any third-party IT supplier.

It is highly recommended that you look for an IT provider that is Cyber Essentials certified. The IT Managed Services directory has over 170 Scottish companies who provide IT Managed Services, and will easily identify those that are both cyber resilient themselves through the Cyber Essentials programme, while also showing providers who offer vital security services.

If you need to refer to the requirements, all supporting documentation for the scheme can be found on the NCSC website.

How to get cyber essentials certified IASME

NCSC Cyber Essentials Partner the IASME consortium can help your organisation undertake Cyber Essentials certification or if you want to know how you can become a Certification Body. 

Read more How to get cyber essentials certified IASME in modal dialog

Cyber Essentials – Trusted Partner

A list of companies based and operating in Scotland that have been accredited nationally as ‘certifying bodies’ for Cyber Essentials.  The Cyber and Fraud Centre -Scotland has worked with Cyber Essentials Certifying Bodies based and operating in Scotland to support […]

Read more Cyber Essentials – Trusted Partner in modal dialog

IT Managed Services Directory

Find the company that can help manage all of your IT Services. Search the directory of over 170 Scottish companies who provide IT Managed Services. It will easily identify those that are both cyber resilient themselves through the Cyber Essentials […]

Read more IT Managed Services Directory in modal dialog

Small Charity Guide

The advice in the Cyber Security: Small Charity Guide will significantly increase your protection from the most common types of cyber crime. The five topics covered in the guidance are easy to understand, and are free or cost little to implement. 

Read more Small Charity Guide in modal dialog
Back to top of the page