Cyber Essentials is a certification scheme backed by the Government in an attempt to reduce cyber vulnerability throughout the supply chain. When implemented correctly, the security controls outlined should prevent 80% of cyber-attacks.
With the recent cyber-attack hitting the NHS, this topic is more relevant than ever and is one that shouldn’t be ignored by organisations, small or large.
How is Cyber Essentials implemented?
There are two different levels of badge that your company can apply for:
- Cyber Essentials: the standard Cyber Essentials certification is a self-assessment questionnaire that is reviewed externally.
- Cyber Essentials Plus: this includes all of the assessment for the Cyber Essentials certification, but system tests are carried out by an external certifying body.
Any organisation, no matter the size, can download the Cyber Essentials documents and use them to put essential security controls in place via the self-assessment.
Why do you need it?
Having the Cyber Essentials badge not only protects your organisation against 80% of cyber-attacks, it demonstrates to your customers and supply chain that you have considered security controls and are working in a safe and secure environment. It also means that you can bid for important government contracts, as the Cyber Essentials certification is likely to become mandatory.
Why is it important when bidding for public sector contracts?
As early as 2014, the Government issued a mandate stating that all suppliers must comply with the new Cyber Essentials controls when bidding for some government contracts; this was mainly seen in contracts that involved handling sensitive information and technical services. The Ministry of Defence implemented this from 2016 for all suppliers, but Cyber Essentials is now a lot more common across the board for all contracts.
In recent months, we have seen numerous tender documents from local authorities asking for Cyber Essentials as a minimum requirement when bidding for a contract, i.e. if you do not have Cyber Essentials you will not be considered for the contract and it will count as a fail.
We can only assume that in future months this requirement will become mandatory, as it is extremely risky for the public sector to work with suppliers who do not have Cyber Essentials in place. Taking into account the vast supply chain associated with the public sector in the UK and the fact it is a clear government initiative, you cannot blame them.
Get ahead of the competition and ensure that you are up to date with exactly what Cyber Essentials is, and see example questions from the self-assessment questionnaire to find out more about what is involved in the process.
It is important to remember that bidding for a contract is a competition — if your main competitor has Cyber Essentials and you do not, unfortunately it will count against you and mean your competitor has the advantage with the contracting authority.