Being a licensed certification body allows us to deliver Cyber Essentials assessments on behalf of the IASME Consortium, who are responsible for running the Cyber Essentials programme for the National Cyber Security Centre (NCSC), a UK government body linked to GCHQ
Unity Metrix is an IASME accredited Certification Body for Cyber Essentials
Being a licensed certification body allows us to deliver Cyber Essentials assessments on behalf of the IASME Consortium, who are responsible for running the Cyber Essentials programme for the National Cyber Security Centre (NCSC), a UK government body linked to GCHQ. We are also authorised to deliver IASME Governance, an affordable and achievable alternative to ISO27001 for smaller businesses, or useful addition to those who already hold the ISO27001 certification.
We assist you with the certification process by identifying any gaps in your security control that is required for the Cyber Essentials Certification and provide support in getting certified.
Gain customer trust – Win more business – Prevent cyber attacks
What are the benefits of Cyber Essentials certification?
Cyber Essentials certification is increasingly becoming a minimum requirement for many businesses, who expect their partners and suppliers not only to ensure that they protect personal data, but that they can prove it. Many contracts, particularly within government, are now dependent on using only cyber essentials certified contractors.
- It makes good business sense – Cyber Essentials is a very simple tool that can SIGNIFICANTLY REDUCE YOUR EXPOSURE TO CYBER RISKS. It is not rocket science, but performing the few simple actions needed to comply with the Cyber Essentials standard has been proven to substantially ameliorate risks.
- There is no cheaper way of doing this – £300 is the cost of the basic assessment, and you could do everything yourself if that is your preference. Alternatively we would be happy to help guide you through the process and ensure you meet the standard. It is A LOT less expensive than suffering a cyber breach.
For the ultimate in cyber security for SMEs the IASME Governance standard builds on Cyber Essentials and ensures an even greater degree of cyber protection and GDPR compliance. This is a great standard to show customers, prospects and other stakeholders that you take cyber security and compliance seriously. Aside from the accolade that passing the standard represents, it is thought to MITIGATE 85% of ALL CYBER THREATS.
Organisations who are awarded Cyber Essentials and Cyber Essentials Plus certification are provided with a certificate from our Accreditation Body and a logo toolkit which allows the Cyber Essentials logos to be used on the organisation’s website and in company documentation.
What does Cyber Essentials cover?
Cyber Essentials sets out five controls which you can implement immediately to strengthen your cyber defences:
- Firewall Security – use a firewall to secure your internet connection
- Secure Configuration – choose the most secure settings for your device and software
- User Access Control – control who has access to your data and services
- Malware Protection – protect yourself from viruses and other malware
- Patch Management – keep your devices and software up to date
Why certify to/ renew Cyber Essentials
- A Government backed certification introduced following their concern that organisations were not putting the basic technical controls in place to protect themselves against the most common internet-based attacks.
- Scheme is referenced in the National Cyber Security Strategy 2016-2021:
The Cyber Essentials scheme was developed to show organisations how to protect themselves against low-level “commodity threat”. It lists five technical controls (access control; boundary firewalls and Internet gateways; malware protection; patch management and secure configuration) that organisations should have in place. The vast majority of cyber attacks use relatively simple methods which exploit basic vulnerabilities in software and computer systems. There are tools and techniques openly available on the Internet which enable even low-skill actors to exploit these vulnerabilities. Properly
implementing the Cyber Essentials scheme will protect against the vast majority of common internet threats.
- A simple yet effective scheme that will help protect an organisation against some of the most common cyber threats, such as:
- Phishing attacks
- Password guessing
- Network attacks
- A flexible certification that is applicable to organisations of all sizes and all sectors.
- Reassures you current and potential clients that you take cyber security seriously.
- Mandated, or actively encouraged, across an increasing number of government and private sector contracts. For MoD contracts, it is required throughout the supply chain.
- Information Commissioner’s Office recognises the Cyber Essentials scheme and its ability to provide certain security assurances and help protect personal data in an organisation’s IT system. ‘Get in line with Cyber Essentials’ is a section in the ICO’s ‘A practical guide to IT security’ publication.
- Encouraged by regulators such as the Financial Conduct Authority, ‘Gaining (a certification), such as Cyber Essentials, could improve the security of your firm.’
- Cyber Liability insurance included for organisations under £20m, achieving verified self-assessed certification covering the whole of their organisation.
Why certify/ recertify to Cyber Essentials v1.0 Mar 2020
- Once you have certified once, it should be much easier to recertify unless you have had major infrastructure changes or your software has gone out of support.
- An up-to-date certificate reassures your current and potential clients that you take cyber security seriously.
- You will only be listed as Cyber Essentials certified on the government website for one year from the date of your certification unless you renew.
- A requirement in the majority of government tenders and an increasing number of non-government tenders. These tenders often specify that the certificate must have been awarded within the last year.
- Having a Cyber Essentials certificate issued within the last year will be taken into account by the ICO in the case of a data breach
- The Cyber Insurance which is awarded to all UK SMEs when they achieve Cyber Essentials only lasts for a year and cannot be renewed unless the organisation recertifies to Cyber Essentials.