The Cyber Essentials Accreditation – Helping you on your journey towards GDPR Compliance

May 14, 2018 | Archived Articles

At Complete I.T., we ensure our clients are as safe and secure as possible in order to protect them from cyber security attacks. We ourselves have invested a lot of time and money in ensuring we’re fully GDPR compliant and that all of our systems that hold customer data are as secure as possible.

As your IT partner, you put your trust in us that your IT systems are secure and that we inform you of any additional requirements to keep you secure.

With Cyber Security being a hot topic, there are many security measures that can be implemented to ensure your data is protected against the many threats that exist both internally and externally to your corporate network.

The Cyber Essentials scheme is a framework devised by the government to help organisations adopt good practice in information security. It contains a set of security standards against which organisations can be assessed and certified.

The framework identifies the security controls that an organisation must have in place in order to provide confidence that data is kept safe and that it is protecting itself from the risk of internet-based threats.

The scheme focuses on the following five essential mitigation strategies:

  • Boundary Firewalls and Internet Gateways
  • Secure Configuration
  • Access Control
  • Malware Protection
  • Patch Management

Completing this accreditation will give you the assurance that you’re practising robust cyber security measures to guard against data loss or cyber-attacks. It will also help you win business, as you can demonstrate to your customers that your data is adequately protected and that you take cyber security seriously.

There are two different parts to this scheme: Cyber Essentials and Cyber Essentials Plus.

Cyber Essentials – This involves completing a self-assessment questionnaire, which is then validated by an external, CREST-accredited certifying body. The same external body will also carry out a remote technical assessment in order to validate what is detailed in the completed questionnaire.

Cyber Essentials Plus – This builds on Cyber Essentials, with a representative from the CREST-accredited body attending your business premises and undertaking a more thorough review of the IT systems. This will include gathering evidence for the following:

  • Can malicious files enter the organisation from the Internet through either web traffic or email messages?
  • Should malicious content enter the organisation, how effective are the anti-virus and malware protection mechanisms?
  • Should the organisation’s protection mechanisms fail, how likely is it that the organisation will be compromised due to failings in the patching of the organisation’s workstations?

As the Cyber Essentials Plus accreditation is more thorough, it will provide more assurance that the security measures in place are secure and correspond to the responses on the questionnaire.

Helping you achieve Cyber Essentials

Complete I.T. can help you through the journey to achieve your Cyber Essentials accreditation. The basic steps to achieve this will be:

  • Your technical consultant can review the Cyber Essentials questionnaire, identify areas that require change, and create a task list of items to address along with the time required to complete them.
  • Agree the tasks and time with you and highlight any changes that will impact your business, such as password policy changes.
  • Implement the changes.
  • Arrange for Complete I.T.’s Cyber Essentials partner to undertake the Cyber Essentials or Cyber Essentials Plus test.

If undertaking the Cyber Essentials Plus accreditation, the external body will require a standard build PC, a standard build laptop, an administrative account and a standard user account with a valid email address.  Complete I.T. will be onsite during the visit to address any small areas of concern if they arise.

If you are interested in achieving the Cyber Essentials accreditation, please talk with your Account Manager or Technical Consultant.