The New Cyber Essentials Scheme – We Are Still Your Certification Body

To Our Valued Clients and Partners.

 

From 1st April 2020, the delivery of the Cyber Essentials scheme changed to a single Cyber Essentials Partner, IASME Consortium.  If you have previously achieved certification to Cyber Essentials through a non-IASME affiliated organisation, you may notice some differences in the way your re-certification is conducted.

 

To continue to deliver Cyber Essentials certification, from 1st April, we at Knox have been trained and licensed by IASME. From this date, the IASME website www.iasme.co.uk, will list all those Certification Bodies licensed to deliver under the new arrangements.

 

The change means that all certifications carried out from 1st April 2020 will be evaluated using the IASME question set and assessment guidelines. The fundamental requirements of the Cyber Essentials scheme (the five technical control) will remain the same.

 

There are some small differences during the new Cyber Assessment of which you should be aware of :

 

  • Some of the questions in the self-assessment aspect will require a yes/no answers but others may need a couple of sentences of information. The information provided will be used by the assessor to ensure you have the appropriate technical controls in place that address the question being posed.
  • You will not be required to upload any documentation such as policies or procedures. You will only need to upload the signed declaration at the end to confirm that the answers given are true.
  • Remember, all staff-owned devices will need to be included in the scope of your assessment if they access your business data, including email.
  • Any servers that are connected to internet will need to be included within the scope of your assessment.
  • For the Cyber Essentials assessment, a vulnerability scan is NOT required. This is only required at the Cyber Essentials Plus level.
  • An IT system and its related security can change significantly over the course of a year. In that regard, rather than rely on a repeat of the previous year answers, an IASME assessment will require you to re-enter your answers and justifications each year.
  • The cost for assessment to Cyber Essentials basic certification will be capped at £300 + vat.  But Certification Bodies may charge you extra for support or extra services.

 

If you use an IASME Certification Body to support your organisation, they will have been trained in all these areas and will be able to provide more detail.  Alternatively, please do contact IASME directly for more information

 

Cyber Essentials is Government-owned scheme.  For more details on the reasons behind the change to a sole Cyber Essentials Partner, please see the following blogs:

 

https://www.ncsc.gov.uk/blog-post/bare-essential

https://www.ncsc.gov.uk/blog-post/announcing-iasme-consortium-as-our-new-cyber-essentials-partner

 

Please do get in touch if you have any questions at all.  We are here to help.

 

To apply, or to re-apply for Cyber Essentials Certification, please click the button below.

 

 

 

Paul Silcox