Upgrading your Cyber Essentials Certificate
Just as you would have your accounts independently verified to ensure your books are balancing, it’s vital to have someone independently verify your IT systems.
The Cyber Essentials journey covers only a self-assessment. There is one extra step in the Cyber Essentials Plus route, which sees an independent assessor conduct a site visit.
Just as you would have your accounts independently verified to ensure your books are balancing, it’s vital to have someone independently verify your IT systems. More often than not, your IT provider won’t be a cyber security expert, so having that fresh set of eyes to ensure your defences are the best they can be will provide reassurance not only for your firm or organisation but also for your clients and customers.
Here at Lawyer Checker, 90% of the Cyber Essentials Plus site-visit assessments we’ve conducted to date have revealed at least one high-risk or critical vulnerability.
These vulnerabilities can be fixed easily by your IT provider, but they are often left unattended or unnoticed. Leaving these vulnerabilities unchecked could enable a cyber criminal to hijack your systems and potentially shut down your business. So embarking on the Cyber Essentials Plus journey gives you that extra bit of added value for money.
Jen Williams, Head of IT and Cyber Essentials Plus Auditor, said:
“It’s one thing to have implemented your cyber security controls, but are they working and are they effective in keeping data safe?
“Although it may seem slightly scary to have an auditor running a fine-tooth comb through your IT infrastructure and processes, it can be really important. You have an expert there on hand who you can ask about any questions or challenges that crop up.”
When we think about cyber security, data protection isn’t always at the forefront of our minds. However, the Information Commissioner’s Office is required to consider the technical and organisational measures you had in place if it ever has to investigate you for a data breach.
The ICO’s Principle (f): Integrity and confidentiality (security) states:
“We have in place basic technical controls e.g. those specified by established frameworks like Cyber Essentials.”
So embarking on a Cyber Essentials and Cyber Essentials Plus journey provides you with the additional reassurance that you have taken precautions that the ICO can check.
The Cyber Essentials Plus process is straightforward, and falls into two categories: