Assured Cyber Essentials

Cybersecurity can be daunting for businesses, especially for those without a dedicated security team or internal IT support.

The NCSC reports that 90% of the businesses that manage to achieve Cyber Essentials rely on either the business owner to implement those technical controls, or are large enough to have an internal security team.

This percentage is so high because small businesses rarely ever achieve Cyber Essentials unless their owners are experienced IT professionals.

We help businesses achieve cyber essentials without a security team and without burdening the management team.

By taking ownership of the process and the security controls, our service simplifies this journey, offering a tailored path to compliance with the Cyber Essentials scheme.

What is the Cyber Essentials Certification?

Cyber Essentials is a UK government-backed, industry-supported scheme designed to help organizations protect themselves against common cyber attacks. Certification demonstrates a business’s commitment to cyber security.

Step One: A Comprehensive Gap Analysis

A detailed gap analysis forms the bedrock of our approach, assessing your current practices against the stringent requirements of the Cyber Essentials Plus standards. This crucial evaluation identifies areas needing improvement, paving the way for a strategic roadmap to compliance. You can find more details on our Gap Analysis here

Step Two: We guide you in enabling the right controls

Our service is designed to be comprehensive yet straightforward, guiding you through the process of implementing the necessary technical controls and processes without the need for in-house security expertise. From the initial gap analysis to the final certification, we provide step-by-step support, ensuring your business not only achieves but maintains compliance with the Cyber Essentials standards.

Step Three (Optional): Managing those technical controls

For some businesses, managing the technical controls is difficult and confusing. We can manage these for you.

We can implement these controls and hand management over to you, or provide long-term support as part of our Trusted Security Partner product.

• Patching: We partner with NinjaOne and can implement and manage patching for all of your IT equipment. You’ll not have to worry about the threat of common vulnerabilities, and you’ll be compliant.
• Device management: We manage device configuration, and your asset inventory, either through NinjaOne or Microsoft365.
• Anti-Virus: We ensure you’re always running effective anti-virus software to protect from viruses.
• Network hardening: We assess and remediate vulnerabilities on your office networks.
• Server migrations: Cyber Essentials requires that all of your systems are supported by the vendor. If you are running unsupported (old) versions of systems, we’ll help you migrate to a modern counterpart.

FAQ

How can our service help if we don’t have an IT or security team?

Our service is designed to guide businesses without in-house cyber security expertise through the certification process. We provide end-to-end support, from gap analysis to implementing necessary controls and processes, ensuring compliance without the need for specialized staff.

What areas are audited for certification?

Key areas audited include boundary firewalls and internet gateways, secure configuration, access control and administrative privilege management, malware protection, patch management, user education and awareness, network security, secure communications, mobile and remote working security, and data backup.

How long does it take to get certified?

The time to certification can vary depending on the current state of your cyber security practices and the extent of improvements required. Typically, the process can take from a few weeks to 3 months.

Is the certification valid indefinitely?

No, the Cyber Essentials certification is valid for one year from the date of issue. It is recommended to undergo annual assessments to maintain certification and ensure ongoing compliance with cyber security best practices. With our Trusted Security Partner product, you’ll stay compliant all year round.

Can small businesses afford this certification?

Yes, our service is designed to be affordable and scalable, catering to the needs of businesses of all sizes. Achieving certification not only enhances your security posture but also can be a competitive advantage in attracting clients.

What happens if we fail the initial assessment?

If gaps are identified during the initial assessment, we will work with you to implement the necessary changes and improvements. Once these are in place, a re-assessment can be conducted to achieve certification.

Cyber Essentials certification is not an immediate pass/fail, so you won’t need to pay for a second assessment.
We’ve never had a customer fail yet.

How does this certification benefit my business?

Achieving Cyber Essentials certification enhances your organization’s protection against common cyber threats, demonstrates your commitment to cyber security to customers and partners, and may be a requirement for certain contracts, especially those involving the UK government.