The Cyber Essentials scheme provides clarity to organisations on what good cyber security practice is and sets out the steps they need to follow to manage cyber risks.
The Scheme focuses on five essential mitigations within the context of the ‘10 Steps to Cyber Security’. It provides organisations with guidance on implementation as well as offering independent certification for those who need it. Whilst providing a basic but essential level of protection in itself, organisations who believe they are good at cyber security can also make this a selling point – demonstrating to their customers that they take cyber security seriously.
Once organisations have been independently assessed against the best practice recommendations they can apply for the Cyber Essentials award. This will demonstrate to potential customers that businesses have achieved a certain level of cyber security and take it seriously.
The new scheme is also applicable to other organisations including universities, charities and public bodies.
Universities and Science Minister David Willetts said: "Cyber Essentials is an easy to use cost effective way to help businesses and the public sector protect themselves against the risks of operating online. Organisations will now be able to easily demonstrate they are cyber safe - reassuring their clients, boosting confidence and profitability. I encourage all organisations to adopt it."
David Booth, Managing Director of Information Assurance for SMEs Consortium Ltd (IASME), said:
"We welcome this initiative, which fills an important gap in enabling organisations, particularly SMEs, to understand the most important technical aspects of cyber security protection. It fits nicely into IASME’s wider governance approach to information assurance for small companies."
The scheme is funded by the government through the National Cyber Security Programme. By making UK businesses safer in cyberspace, as well as enabling businesses to benefit from demonstrating their effectiveness in managing cyber threats, it helps to meet a key element of the UK Cyber Security Strategy.