What is Cyber Essentials Certification?
Cyber Essentials (CE) is a globally recognised cybersecurity certification scheme that offers a sound foundation of basic IT security controls that all types of organisations can implement and potentially build upon. Intuity Technologies was one of the first organisations in Ireland to be approved as a certified provider. We are here to help you gain your own Cyber Essentials Certification.
Get Cyber Essentials certified with AndrewsDuffy
Our simple five-step methodology:
1. Define the Scope
Certification can apply to an organisation’s full enterprise IT or just to a subset (department). Either way, the scope needs to be clearly defined before the certification process can get underway.
2. Self Assessment Questions
The next step is to complete the required SAQ. We review the completed SAQ before submission to check it meets the scheme’s requirements. Successful applications are issued a Cyber Essentials certificate.
3. On-site Assessment / Audit
Organisations seeking certification to Cyber Essentials Plus will be required to go through a technical audit, which includes a series of internal vulnerability scans and tests of the in-scope system(s), and the SAQ.
4. Testing your External Web Facing Platforms
An external vulnerability scan of your Internet-facing networks and applications is used to verify that there are no obvious vulnerabilities. As the tests are external, they are performed off-site. These generally are what your customers and clients use on a daily basis.
5. Certification (Plus)
Once the on-site assessment, internal vulnerability scan and external vulnerability scan have been successfully completed and approved, you will be issued with your Cyber Essentials Plus certificate.
‘ The Techie Part of Cyber Essentials ‘
There are five control areas covered by Cyber Essentials, these are:
- Boundary Firewalls and Internet Gateways
Ensuring all devices that are connected to the internet are protected by a properly configured firewall. An internet gateway can deny access to users within your organisation to websites or other online services that present a threat.
- Secure Configuration for devices and software
Systems and software must be configured in the most secure way for the needs of the organisation. Password management and policies are also a key part of this control area.
- Access control
Controlling who has access to systems and at what level.
- Malware protection
Ensuring that virus and malware protection is installed and is up to date, plus ensuring there is sufficient user awareness.
- Patch management
Attackers constantly identify and exploit software vulnerabilities. Checking that the latest supported version of software is used and all necessary patches have been applied.
If you are interested, please contact us