Cyber
Essentials
What is Cyber Essentials?
Cyber Essentials is a government-backed, industry supported scheme for any sized organisation to protect themselves against common cyber attacks.
Two certification levels are available, Cyber Essentials, or Cyber Essentials Plus.
Organisations who have been certified that year, will be published on the government certified site, reassuring your customers you are taking steps to protect your systems. If you are going to contract with Governement of Defence many contracts will require Cyber Essential Certification.
Our services
We can walk you through the certification process if you’re unsure of what is required of you, or we can provide you with access to the portal to self-certify if your organisation is mature and requires less assistance.
We will test your organisation as part of the Plus scheme.
​
About our testing services
​
Our testing services are tailored to the organisation, and at the outset, we ensure the testing you seek is what you need to assess your risk.
​
Types of testing provided
​
We provide a wide range of testing services (see each link for details).
​
The testing roadmap
This section outlines how we manage a testing activity with a client:
Once we have exchanged Non-Disclosure Agreements (NDAs), we start with a scoping call to introduce the testers and other support staff who may be working on your test.
We then ask you to explain what you want from the test and where it fits into your overall security management.
We will ask about previous testing you may have conducted and about the impact and remediation steps you have taken since.
We will develop a bespoke test plan around your requirements, leveraging best-practice industry guidelines and standards such as CSA (CCM), MAST, and OWASP.
We will arrange dates and times for the testing activity and agree on the timeline for report and debrief delivery.
During testing, we will keep you informed regularly of progress, and we will contact you if we discover an urgent issue, such as a critical vulnerability or evidence of its exploitation (aka a breach). We will advise you when the testing phase is complete and conduct a hot wash-up. We will then draft the report and presentation materials for your staff.
We will deliver your report and debrief materials (not by email). We will include executive summaries and action plans to assist you in remedying the issues we identified. We will conduct a debrief at a mutually convenient date/time.
If your accounts department is on the ball and pays its invoice within 15 days, we offer a retest of any medium or above finding and an up-issue of the report to confirm that the finding is closed.
We will follow up with you 3 months after the testing is complete to ensure you are progressing with the remediation activity.
We will contact you 5 months after the completion of the testing, as we will destroy all data (scan results and reports, etc.) from the testing at the 6-month point (you can request that we retain this data for longer if you are planning additional support from us).