Cyber Assurance Level 2 (and ISO27001)
Cyber Assurance Level 1 is about identifying and engaging with the user and management controls that create Cyber Resilence. Technical controls are good, but not enough if the people processes fail.
Level 2 requires evidence to back up the claim made about compliance with the user and management controls requirements.
Because ISO27001 is also ebvidence based, it is fair to say that Cyber Essentials and Cyber Asurance Level 2 have equivalence with ISO27001.
However, ISO27001 will always be at the top of the pyramid, so for those businesses that need it and can afford it should strive for that gold standard
Other Products and Services from Regola Digital Consulting
Cyber Essentials Certification (Medium-sized Business 51-250)
Cyber Essentials certification for medium-sized businesses up to 250 employees
Free Cyber Security Insurance if turnover <£20M
Fixed cost £600
Preparation for Cyber Resilience
The Department of Science and Information Technology (DSIT) has recently released a code of practice for organisations who wish to be Cyber Resilient. Cyber Essentials Plus, whilst very welcome, focuses on technical controls, and is not sufficient on its own.
Whilst DSIT cannot recommend particular commercial product, they have done mapping exercises for the code of practice against both IASME Cyber Assurance (ICA). They have found that both do fulfill their requirements for cyber resilience (both require relevant management and user controls, as well as technical controls).
ISO27001 is designed for larger organisations, and Regola would always recommend that an organisation with sufficient resources should aim for this "gold standard".
However, for smaller organisations, ICA (particular at L2) would be sufficient for smaller organisations seeking cyber resilience.
Regola's experienced staff provide consultancy for organisations wishing to be Cyber Resilient.
Cyber Essentials Preparation
Some IT people find the Cyber Essentials guidance intuitive; many business people find the language and concepts more demanding. We are here to support businesses! over 250000 certificates have now be awarded, but some businesses do fail. Prepare well, and that won't be you.
It is normal for a business to take the Cyber Essentials assessment and be told by the assessor that they have a small number of corrections to make, and they are given a small window of time. Few get it completely right first time. What a business would not want, however, to do is take Cyber Essentials and then comprehensively fail it.
To prepare businesses for assessment, we offer microbusinesses a service of 30 minutes free discussion, with a follow-up and a clearly written set of "do's and don'ts". Extra time and consultancy beyond this is available, but will be charged at the normal consultancy rate. After the 30 minutes, we point businesses at the self-help facilities available on the IASME website.
We are a Certification Body (the only one in South Devon) and do plenty of assessing ourselves. If you sign up for assessment through us, rather than through IASME, you'll get our friendly and comprehensive service right through to certification, and on to cyber essentials plus (within 90 days) if you so wish.
Regola Digital Consulting
Office 1.19, Torbay Business Centre, Lymington Road, Torquay, Devon, TQ1 4BD, United Kingdom
Regola are an NCSC approved Cyber Essentials Certification Body We offer a cost-effective service, based on many years experience of offering expert advice to SMEs so they cover the basics of technical security. We specialise in UK Government's Cyber Essentials (CE) and have assessed over 150 clients. As an accredited Certification Body for both CE and CE+, and IASME Cyber Assurance, we offer customised guidance to help businesses achieve valued cyber security certifications to assure partners and clients. The Cyber Essentials scheme also provides free Cyber Liability insurance up to £25000 for smaller UK companies who achieve certification. It is especially beneficial for SMEs aiming to secure government contracts or reassure clients that their information is well-protected.