• Developed as part of the UK’s National Cyber Security Programme; transitioned and tuned to suit Canadian requirements by CyberNB;
• Aimed at businesses and organizations of any size to help them achieve a baseline of good cybersecurity practice;
• Backed by industry specialists;
• Designed to provide an overview of an organization’s ability to mitigate the risks from Internet-based threats;
• Also applicable to all private and public sector organizations, universities and charities;
• Offers two levels of certification: ‘Cyber Essentials’ and ‘Cyber Essentials Plus’.
• It identifies the required controls believed to shield companies from up to 80% of the common threats from the internet;
• Expected to be a major requirement to win business in both public and private sectors in the future;
• Some insurance companies may offer incentives for organizations that are Cyber Essentials certified;
• Enables a company to demonstrate to its customers and stakeholders that their data is adequately protected and that it takes cybersecurity seriously.
Cyber Essentials: Requires a company to successfully carry out a verified self-assessment of a series of key cybersecurity controls: boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. Cyber Essentials certification is awarded once this self-assessment has been presented for review, along with relevant supporting evidence, to an approved Certification Body. The company’s submission should be approved by a senior executive such as the CEO.
Cyber Essentials Plus: Includes the criteria for basic Cyber Essentials compliance, but introduces a higher level of assurance through external testing of the organization's cybersecurity approach. This typically requires a vulnerability assessment and penetration testing before certification can be awarded.