The NCSC has carried out research, determining the path to certification for Cyber Essentials could be made clearer, that the standard was being implemented consistently across the UK and that assessor and advisor standards were consistent. Its research showed that customers were confused by the use of five different organizations to deliver the scheme, as each organization operated the scheme in a slightly different way.
After a tender process, the NCSC has appointed a single Cyber Essentials Partner – The IASME Consortium, with effect from today.
Introduced in 2014, Cyber Essentials enables organizations to demonstrate that they meet defined standards of online security and seeks to identify that organizations have key controls in place. The scheme provides successful applicants with a certificate that lasts for 12 months.
It was intended to enable companies to understand the basic controls all organizations should implement to mitigate the risk from common internet-based threats, and concentrated on five key controls:
- Boundary firewalls and internet gateways
- Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organization
- Access control – ensuring only those who should have access to systems have access and at the appropriate level
- Malware protection
- Patch management – ensuring the latest supported version of an application is used and all necessary patches have been applied
IASME said that today’s new partnership will help make fundamental cyber-protection more understandable, accessible and practical. Dr Emma Philpott, MBE, chief executive of IASME, said: “IASME contributed to the original writing of the scheme and has been involved in its delivery ever since. We welcome the prospect of continuing to work in partnership with NCSC to further develop and grow the Cyber Essentials scheme.
“We are particularly looking forward to working with the wider network which includes all Cyber Essentials Certification Bodies which will allow us to offer expert support and certification to organizations across the whole of the UK and Crown Dependencies.”
IASME welcomed new certification bodies whom had come on board during the transition period, and thanked other certification bodies that had been a part of the journey to date. “Together we will provide a comprehensive, UK-wide network of licensed Certification Bodies to ensure regional support is available to all those who need it.”
Anne W from the NCSC, added: “The move to a single Cyber Essentials Partner allows us to work closely with IASME to develop the scheme and build further on the success to date. Cyber Essentials is an important scheme within the NCSC’s extensive portfolio of tools and guidance, all of which make a significant contribution to making the UK one of the safest places in the world to live and do business online.”