While it is not an ISO standard, it can be considered as covering some of the ISO 27001 Data Security material and is suitable for those businesses where full-blown ISO 27001 implementation is simply overkill.
It defines a set of controls that help to provide basic protection from the most widespread internet threats. It focuses on threats that are simple to carry out and, therefore, are the most common.
The Cyber Essentials scheme focuses on five key controls:
- Boundary firewalls and internet gateways.
- Secure configuration.
- Access control.
- Malware protections.
- Patch management.
There is a certification process, termed an ‘assurance framework’.
This enables companies who are complying with the Cyber Essentials guidelines to achieve certification and use that to demonstrate to their customers that they are working to prevent the risk of online threats.
We can help you to protect your company from the, unfortunately very real, threat of online attack and help you achieve the Cyber Essentials certification.