The difference between Cyber Essentials and ISO 27001

Although Cyber Essentials and ISO 27001 complement each other, the two certifications serve different needs. Both aim to protect information, but they differ in what they cover.

Learn more about both certifications below.

What is the main difference between Cyber Essentials and ISO 27001?

ISO 27001 certification considers all information whether its medium is paper, information systems or digital media. Cyber Essentials protects data and programs on networks, computers, servers, and other elements of IT infrastructure.

Although ISO 27001 appears to cover more than Cyber Essentials, businesses are not required to have ISO 27001 when working with the UK public sector.

If your business is bidding for central government contracts “which involve handling sensitive and personal information or the provision of certain technical products and services”, it will require Cyber Essentials certification.

What is ISO 27001?

ISO 27001 supports businesses that want to maintain the international standard for information security. The certification, which was first introduced in 2005, defines what is required for a business to establish, implement, maintain, and improve an Information Security System.

Many organisations choose to certify to ISO 27001 so that they can benefit from the best practice the standard contains. Many customers and clients are also reassured that the standard’s recommendations have been followed.

What is Cyber Essentials?

Cyber Essentials certification helps businesses to protect their data and programs from cyber attack. We live in a world where cyber attacks come in all shapes and sizes and Cyber Essentials can help organisations to stay protected against a whole range of common cyber attacks.

The five key controls which need to be implemented to achieve certification are:

  • Secure internet connection
  • Secure devices and software
  • Controlled access to data and services
  • Protection from viruses and other malware
  • Up-to-date devices and software

This Government-backed scheme gives organisations three options to choose from: Cyber Essentials, Cyber Essentials Plus and Cyber Essentials Fast Track. With Cyber Essentials Plus, you receive all the benefits of Cyber Essentials as well as an external visit where your cyber security is verified by independent experts.

Get Cyber Essentials certification

Any business working with the public sector should have a cyber security plan in place. If you’re looking for information on how to protect your business or need support getting certified, visit Cyber Essentials Online to learn more.