From Cyber Essentials cost to renewal, take a look at the commonly asked questions regarding the Cyber Essentials scheme here. If you can not find the answer you’re looking for, do not hesitate to contact Forensic Control today.
Cyber Essentials is a self-assessment demonstrating a company’s ability to protect itself against common cyber attacks. It provides guidance on how to securely configure your devices and the accounts used to access them.
Cyber Essentials Plus offers additional integrity, requiring an external body, such as Forensic Control, to conduct a technical verification of the security of your devices.
Any device accessing your data, email or services (including services such as Microsoft 365 or Google Workspace) or remote desktop services, (e.g., Citrix, VDI, RDP) is in scope and must comply with the Cyber Essentials standard. This includes devices owned by the organisation and devices owned by staff, whether employed or contractors (BYOD). Devices which don’t directly connect to the internet are not in scope.
It largely depends on how quickly you can respond to our requests for information, and your lead time in making any required configuration changes. We aim to reply to your emails/calls on the same day. We’ve found that applicants can take anywhere between one week and a couple of months to certify.
Cyber Essentials seeks to protect an organisation’s data by securing the devices which access that data. The employment status of the people who use devices to access your data doesn’t matter, whether employed, contractors, interns or temps. If they access your data then their devices will be in scope and will need to be secured to the Cyber Essentials standard.
Cyber Essentials is a point in time certification – it assesses your organisation as it is on the day that you submit your responses. If staff are currently home based then they will be considered as home workers.
Home routers are not in scope if your computers have their software firewall switched on – by default, all Windows and Mac computers have this already activated. For extra security we recommend all connections from devices accessing your data are protected by a VPN (virtual private network) and that you have an effective home working policy
Cyber Essentials and Cyber Essentials Plus certifications are valid for 12 months. We recommend re-certifying annually to ensure that organisations are still secure against emerging cyber threats.