News

Why become Cyber Essentials Plus certified?

Cyber Essentials Plus

What is Cyber Essentials Plus?

Cyber Essentials Plus is the level above the base Cyber Essentials certification and provides a more rigorous test of your organisation’s cyber security systems through detailed on-site vulnerability assessments carried out by our cyber security experts.

In addition to the initial self-assessment, which alone makes up the base Cyber Essentials certification, Cyber Essentials Plus requires a series of vulnerability tests which are carried out by our cyber security experts. They make sure that your IT security systems can withstand basic hacking and phishing attacks and will then prepare a final report summarising their findings and whether you have passed and can be Cyber Essentials Plus certified.

Cyber Essentials Plus offers a higher level of assurance through the external testing of the organisation’s cyber security approach.

 

Cyber Risk Profiles

A Cyber Risk Profile sets out the cyber protection measures required at each level of cyber risk.

If a contract is assessed as carrying a cyber risk of ‘Low’, then the applicant will need to comply with the measures set out in the ‘Low’ profile. These requirements are progressive as one moves up the risk profiles.

The new Cyber Security Model mandates the following for all MOD suppliers and subcontractors:

  • For Contracts at ‘Very Low’ risk – Cyber Essentials is required
  • For Contracts at ‘Low’, ‘Moderate’ or ‘High’” risk – Cyber Essentials Plus is required

If you are looking to bid on MOD contracts with a risk level above “very low”, you will need Cyber Essentials Plus in place. You can read more about Cyber Risk Profiles here.

 

What’s the Difference between Cyber Essentials Plus and Cyber Essentials?

The level of testing required for Cyber Essentials Plus is more stringent than the testing carried out through the Cyber Essentials self-certification. Whilst the base Cyber Essentials certification involves just the completion of the self-assessment questionnaire, the Cyber Essentials Plus assessment includes this as well as two additional key elements:

  • An On-Site Assessment

The on-site assessment is a requirement for all companies wishing to achieve Cyber Essentials Plus. Our team will visit your office(s) and thoroughly check whether the solutions you have put in place comply with the control requirements. You can find out the control requirements here.

  • Internal Vulnerability Scan

An internal vulnerability scan is a requirement for all companies wishing to achieve Cyber Essentials Plus. It involves a scan of your internal networks within the scope of your application, with a focus on workstations and mobile devices. It aims to find out whether the Cyber Essentials controls have been properly implemented and to check that known vulnerabilities have been addressed.

 

Cyber Essentials Plus Extra

Cyber Essentials Plus Extra includes a remote pre-test of your network before the audit, a report explaining what needs to be fixed and the Cyber Essentials Plus test itself, which includes travel for our team on the UK mainland.

Get in contact with us to find out more.

 

Get Started with Cyber Essentials

Certification to the Government’s Cyber Essentials Scheme is a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks, regardless of the sector you operate in.

Get  started on your Cyber Essentials Plus certification today

Free Tender Search

Recent Posts

 

Who are we?

From publishing the first national directory of public sector contracts, to being the first to market with our online Tracker solution, we have been the true pioneers of technology and innovation in the public sector marketplace. Throughout our 39 years, we have continued to evolve and chart new territory – placing our customers at the heart of everything we do. Take your business to the next level with Tracker now.

Try out DCI Today

Try out DCI Today

    BiP Solutions owns Tracker and we look after your details carefully. We offer a range of products, services and events (some of which are free) that help buyers tender more efficiently and suppliers find, bid for and win public and private sector contracts. Only tick this box if you wish to receive information about these. We will never share your details with third parties and you will have the opportunity of opting out of communications every time we contact you. For further details, please see our Privacy Policy