1. Home
  2. Compliance
  3. Cyber Essentials

What is Cyber Essentials?

The Cyber Essentials scheme is a UK government backed cybersecurity certification programme that helps organisations, of all sizes, protect themselves against common online threats. It provides a framework of basic cybersecurity controls that organisations can implement to improve their overall cybersecurity posture and reduce the risk of cyber- attacks.

The scheme consists of two levels of certification: Cyber Essentials and Cyber Essentials Plus. To achieve Cyber Essentials certification, an organisation must complete a self-assessment questionnaire and have their responses independently verified by a certification body. The questionnaire covers five key areas of cybersecurity: boundary firewalls and internet gateways; secure configuration; access control; malware protection; and security update management.

To achieve Cyber Essentials Plus certification, an organisation must undergo a more rigorous assessment that includes vulnerability scanning and security configuration testing. This level of certification provides a higher level of assurance that the organisation has implemented effective
cybersecurity controls.

What are the benefits?

There are several reasons an organisation may wish to become Cyber Essentials certified:

Improved cybersecurity

The certification process helps organisations to identify and implement basic cybersecurity controls that can protect them against a range of common online threats, for example: phishing attacks, malware, and hacking attempts.

Demonstrate commitment to cybersecurity

Cyber Essentials certification demonstrates to customers and partners that an organisation takes cybersecurity seriously and has taken steps to protect their sensitive information.

Competitive advantage

Organisations that hold Cyber Essentials certification may have a competitive advantage over those that do not, as it can be a requirement for certain contracts and tenders, especially in the public sector.

Reduced insurance premiums

Some insurance companies offer reduced premiums for organisations that have Cyber Essentials certification, as it indicates that the organisation has taken steps to mitigate the risk of cyber-attacks.

Compliance with regulations

Compliance with the Cyber Essentials scheme can help organisations to meet the requirements of certain regulations, such as the UK’s General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).

Peace of mind

Cyber Essentials certification can give organisations and their stakeholders peace of mind, knowing they have taken steps to protect their sensitive information and reduce the risk of cyber-attacks.

How do I get started?

  • Read the Cyber Essentials Requirements for IT Infrastructure document to learn about the requirements.
  • Speak to our team for impartial guidance on requirements, process, or next steps.
  • Check out our Cyber Essentials Gap Analysis.

Cyber Essentials Gap Analysis

Understanding your current state and comparing it to a new accreditation can be tricky, so we’ve simplified this with our Cyber Essentials Gap Analysis.

The objective of the gap analysis is to identify key remediation tasks that will need to be implemented to ensure the organisation meets the requirements of the standard and achieve certification. It comprises a remote workshop session, a documentation review, an asset review, a one-off external vulnerability scan, and internal agent-based authenticated patch audit. It will be accompanied by a report that will highlight compliance against all areas of the Cyber Essentials standard.

Why Evolve North for Cyber Essentials?

We are a Cyber Essentials Certification Body, with assessors backed by a range of IT Security and Information Governance skills. This means we are expertly placed to support every stage of your Cyber Essentials journey, from Gap Analysis, Application, Remediation and Renewal.

Get in touch with us to discuss Cyber Essentials, or visit our dedicated Cyber Essentials website, www.cybertoolkit.co.uk


Talk to a specialist now – call 01748 905 002.

CTO, UK Marketing Agency

“Given our size, the vDPO service just made sense, as we couldn’t hire this role internally for several years to come”

CTO, UK Marketing Agency

Head of Operations, European Financial Services.

“Having Evolve North support our board meetings really supported the work we are doing to safeguard our staff and customers”

Head of Operations, European Financial Services.

Operations Director, UK Non-Profit

“Cyber Essentials Plus was essential for us to attain, and the Evolve North team made it possible”

Operations Director, UK Non-Profit

Programme Director, UK Hotel Chain

“We’ve partnered with Evolve North for PCI DSS & ISO7001 support and they’ve always been there when we’ve needed them”

Programme Director, UK Hotel Chain

Digital & Change Lead, UK NHS Trust

“They provided clarity across our M365 data and compliance services, our chaotic Microsoft licencing and our complex NHS environment”

Digital & Change Lead, UK NHS Trust

CTO, UK Housing Association

“After pushing through our Cyber Essentials and ISO27001, their quarterly Penetration Testing & Vulnerability scanning just made sense”

CTO, UK Housing Association

IT Manager, UK Law Firm

“Quick and easy method to get Cyber Essentials. Lots of support when needed”

IT Manager, UK Law Firm

Director of Tech, UK Hospitality Organisation

“Just having the annual support days in place, meant we could tackle incidents and third-party onboarding easily”

Director of Tech, UK Hospitality Organisation

Industries

Evolve North works across a wide range of differing industries throughout the UK and Europe in both public, private and voluntary sectors.