Cyber Essentials Certification (Medium-sized Business 51-250)

Cyber Essentials Certification and associated Cyber liability insurance for the small business. 

Fixed cost £528

Cyber Security Awareness Training is probably the first real step towards cyber resilience (after becoming aware that you need cyber awareness training that is!). To be resilient, an organisation not only needs to be able to defend against cyber attacks, but also to recover effectively and quickly if a system problem emerges.

We consider Cyber Essentials to be the obvious next step, because the 5 technical controls harness the power of software that will already be on the system to automatially protect, with assistance of course from users who are aware (e.g. passwords). The cost of getting these controls working effectively could well be minimal! Once achieved, Cyber Essentials certification comes with free cyber liability insurance (up to £25000). You may wish to also get audited (Cyber Essentials plus). No further training is required for that, but you do need to allow an NCSC-approved vulnerability tester into your system.

Once those five technical controls are working effectively, other standards should be considered that use morte robust user controls, and management controls. This can be achieved through Cyber Assurance, PCI-DSS, or ISO27001.

If an organisation is only at the awareness level, do not be too worried... the fact that you are thinking about improving awareness puts you ahead of many other organisations who have yet to even take that first step.

Some IT people find the Cyber Essentials guidance intuitive; many business people find the language and concepts more demanding. We are here to support businesses! over 250000 certificates have now be awarded, but some businesses do fail. Prepare well, and that won't be you.

It is normal for a business to take the Cyber Essentials assessment and be told by the assessor that they have a small number of corrections to make, and they are given a small window of time. Few get it completely right first time. What a business would not want, however, to do is take Cyber Essentials and then comprehensively fail it. 

To prepare businesses for assessment, we offer microbusinesses a service of 30 minutes free discussion, with a follow-up and a clearly written set of "do's and don'ts". Extra time and consultancy beyond this is available, but will be charged at the normal consultancy rate. After the 30 minutes, we point businesses at the self-help facilities available on the IASME website.

We are a Certification Body (the only one in South Devon) and do plenty of assessing ourselves. If you sign up for assessment through us, rather than through IASME, you'll get our friendly and comprehensive service right through to certification, and on to cyber essentials plus (within 90 days) if you so wish.