Frequently Asked Questions
What is Cyber Essentials?
Cyber Essentials is a Government- backed and industry-supported scheme that can help your business protect itself against the growing cyber threats. Big or small, cyber essentials provides any business with the right credentials to showcase as a trustworthy and secure company. This can be beneficial in the tendering process, and help you comply and win more contracts.
What are the Cyber Essentials and Cyber Essentials Plus schemes?
Cyber Essentials is a foundation level certification designed to provide a statement of the basic controls your organisation should have in place to mitigate the risk from common cyber threats. This is achieved through a self-assessment process carried out under the guidance of our cyber security experts.
Cyber Essentials Plus is an enhanced cyber security certification scheme for businesses that need more than Cyber Essentials has to offer.
You can find out more about the differences between Cyber Essentials and Cyber Essentials Plus here.
What is Cyber Essentials Plus?
Cyber Essentials Plus is designed for businesses that have matured their network infrastructure data requirements and have outgrown the minimum requirements of the basic Cyber Essentials scheme.
A range of public and private sector organisations have already adopted Cyber Essentials Plus since the scheme’s inception in 2014 with large global corporates such as Vodafone and Oracle leading the way in cyber security best practice. This has led to many public sector organisations, such as the Ministry of Defence and Home Office, mandating its requirements across their respective supply chains.
As part of the changes put in place since the transition to one accreditation body, IASME requires all Cyber Essentials Plus customers to hold a basic certification that was purchased no longer than three months prior.
How can Cyber Essentials help my business?
Cyber Essentials certification indicates that your organisation takes a proactive stance against malicious cyber attacks.
In addition, it offers a mechanism to demonstrate to customers, investors, insurers and others that you have taken the minimum yet essential precautions to protect your organisation against cyber threats.
The National Cyber Security Centre states that undertaking the Cyber Essentials certification process and implementing even one of the five controls required by Cyber Essentials can protect businesses from around 80% of attacks.
Do you offer any support services?
We offer three new products designed to help support you through your Cyber Essentials certification.
Vulnerability Scan – Vulnerability scanning is the examination of computer networks to identify weaknesses in security controls that can leave organisations open to cyber-attack. A vulnerability scanner searches for exposures in computers, devices and applications by collecting information and comparing it to a database of known flaws.
Speed of Assessment Uplift – With this service our team will assess your Self-Assessment Questionnaire (SAQ) within 24 working hours, ensuring that your SAQ is sent to the Accreditation Body, IASME, to be processed.
Fail Safe – Our Fail Safe service is the perfect addition to your Cyber Essentials certification if you think you might need some guidance from our cyber experts. Once you have tried to answer all the questions in the Self-Assessment Questionnaire, we will be able to give you feedback on any of your answers to ensure that you pass.
What does Cyber Essentials involve?
This will depend on which level of Cyber Essentials you take. You will need to complete a self-assessment questionnaire which Cyber Essentials Online will review.
With Cyber Essentials Plus you also undergo a more rigorous test of your organisation’s cyber security systems where our cyber security experts carry out vulnerability tests to make sure that your organisation is protected against basic hacking and phishing attacks.
Do I need to renew my Cyber Essentials certification?
The purpose of Cyber Essentials is to improve your organisation’s cyber-readiness. Annual certification is required. This acts as an opportunity to make sure that your security is ready to defend against 80% of all common attacks.
Is Cyber Essentials a mandatory requirement for working with the UK Government?
The UK public sector market is worth over £240 billion per annum and Cyber Essentials can support your business in its efforts to become a supplier to the public sector.
Essentially the government won’t do business with you unless they know you, and the companies you do business with, are secure from cyber attack.
In a speech at the Institute of Directors in March 2017, then Minister of State for Digital and Culture Matt Hancock said: “I mentioned the Government already requires many of its suppliers to hold a Cyber Essentials certificate. We’ll be strengthening this requirement to ensure even more of our contractors take up the scheme.”
Since 1 January 2016, all MOD suppliers are required to comply with the Cabinet Office Procurement Policy Note 09/04. This means that you need to have Cyber Essentials certification if you are looking to win contracts involving the transfer or generation of Ministry of Defence Identifiable Information (MODII).
What is the cost of Cyber Essentials certification?
Again, this depends on which level of certification you choose to undergo. Our foundation level starts at £300 excl. VAT / year
Find out more about products and prices here.
Can you send me the self-assessment questionnaire before I sign up?
We can’t send the actual self-assessment form until you have signed up. However, you can download our sample questionnaire here.
This document outlines the type of information you will need to gather and submit during the certification process.
Is the questionnaire a tick box Yes/ No or will it require lengthy details?
The questionnaire requires answers to all questions – most of these questions will require brief notes to enable us to understand your company and the information security controls that you have in place.
By providing full details in the questionnaire you will reduce the time required for certification as we will have all the information we need up front.
What is involved in the Cyber Essentials application journey?
The Cyber Essentials application journey will differ slightly depending on whether you choose Cyber Essentials or Cyber Essentials Plus. The stages are outlined below but timescales may differ depending on the applicant’s completion of each stage.
Regardless of which product level you choose, there are three clear stages, you will go through in order to obtain your Cyber Essentials certification.
Your Cyber Essentials purchase will grant you access to the IASME platform and the self-assessment questionnaire to complete online. You do not have to complete the questionnaire in one go. You can save your questionnaire at any point, return to it later and submit for review at your leisure.
However, we would advise that you complete and submit your questionnaire as quickly as possible in order to obtain your Cyber Essentials certification in the shortest possible time. This is more relevant when purchasing Cyber Essentials Plus as you will need to complete the Cyber Essentials certification process first.
Once you submit your completed questionnaire via the online form we will review your application and will liaise with you regarding any gaps or additional information required in order to approve your application and submit it to the accreditation body, IASME Consortium. If you have chosen to apply for Cyber Essentials Plus, it is at this stage that ID Cyber Solutions, our accredited certification body, will arrange a suitable date and time to visit your premises and conduct the more stringent tests required for Cyber Essentials Plus certification.
The awarding body, IASME Consortium, will then issue your certification, confirming that you are Cyber Essentials certified.
Our parent company – Who is BiP Solutions?
For more than 36 years, our parent company, BiP Solutions, has led the way in helping the public and private sectors work together. BiP’s penetration in the marketplace is such that more than 5000 public sector organisations and 220,000 private sector businesses in the UK use the company’s expertise to achieve their business development objectives.
Our Accreditation body – Who is IASME?
Following a commercial tender process, cyber security firm IASME was chosen by the National Cyber Security Centre (NCSC) to take over full responsibility for Cyber Essentials delivery and from 1 April 2020 became Cyber Essentials Partner with the NCSC.