Cyber Essentials is a government backed scheme originally developed as a framework for anyone that wanted to provide services to particular areas of government or military but has since expanded out to be a more general cyber security guideline and framework.
In order to become Cyber Essentials certified, organisations must adhere to a strict set of rules and requirements around their IT equipment, data and users.
There are two levels of Cyber Essentials certification available, loosley they can be described as:
This is the lower tier and the easiest to achieve, though as such carries a little ‘weight’ than the ‘Plus’ version as a measure of good cyber security, nonetheless it covers core security principles.
Cyber Essentials Plus
While still the same framework, Cyber Essentials Plus is requires a hands-on audit and technical verification of the organisation getting certified. Rather than relying on orgnisation to simply state that their systems are up to date, scans will be run on the network to verify that this is actually the case.
How long does it take?
The Cyber Essentials audit can be completed in a day as it’s a simple process of providing answers. Cyber Essentials Plus takes as long as the verification process takes (this will vary depending on the size of your organisation) and requires an onsite visit and a vulnerability scan. For most businesses, it’s the preparation interally that takes time and gathering all the required information about their systems.