Cyber Essentials January 2022 Update
About the Cyber Essentials 2022 Update
On 24th January 2022, an updated set of requirements for the Cyber Essentials certification scheme will come into play – these represent the biggest changes made to the Cyber Essentials scheme since its inception in 2014.
Why are the changes needed?
The changes are a direct response to the dramatic shift over the past 2 years in how we work. High levels of home and hybrid working and the increasing adoption of cloud services have left companies more vulnerable to cyber security threats. The changes to the Cyber Essentials scheme have been introduced to counter this risk.
What do I need to do if…
I’m part way through the certification process? If you have started the certification process prior to 24 January you can continue to use the current standards and will have six months from the launch date to complete that assessment.
I’m thinking about starting a Cyber Essentials assessment? Any application made on or after 24 January will need to apply the updated requirements, although there will be a grace period of up to 12 months on select requirements (to reflect extra effort that may be needed for some organisations).
I am already Cyber Essentials certified? For those who are already certified, your certification will remain valid. When you come to renew your certification, you will however need to be assessed against the updated requirements.
Is it worth it?
Of course, the updated requirements to the Cyber Essentials scheme will likely make certification harder to achieve. Despite this, a company should not be deterred from taking steps towards certification. In practical terms, your company will be more cyber-secure and show a clear commitment to cyber security to your existing, and potential, customers. In cost terms, Cyber Essentials is a valuable accreditation, and applying for it could be significantly cheaper than the effects of a successful security breach of your network.
Cyber Essentials Scheme & IASME Governance
Cyber Essentials is a government-backed, industry-supported scheme designed by the NCSC to help protect organisations against common cyber-attacks. Cyber Essentials was developed as a simple prescriptive formula based on evidence of the attacks. By design, the scheme addresses the most common Internet-based threats to cyber security, particularly attacks that use widely available tools and demand little skill, including hacking, phishing and password guessing.
The NCSC advertises Cyber Essentials as suitable for any size of organisation and in our experience it should be considered alongside ISO 27001, PCI DSS and the NIST Cyber Security Framework as cyber security compliance standards to protect your organisation. The UK government often requires its suppliers to achieve Cyber Essentials and it is recommended by the Information Commissioner’s Office (“ICO”); those who process NHS patient data will benefit from achieving Cyber Essentials Plus before they complete the NHS’s Data Security and Protection Toolkit.
We evaluate and refine the five controls which protect against the most common enterprise attacks: access and privilege management, network configurations, patch management, malware protection, and perimeter security.
PrimoConnect makes it easy for companies looking to gain Cyber Essentials self-assessment and Cyber Essentials Plus accreditation. We work closely with organisations to understand their individual challenges and concerns to provide recommendations and guidance to achieve certification.
IASME Governance
The Information Assurance for Small to Medium-sized Enterprises (IASME) Governance Standard is a structured way for an organisation to implement and improve the way it secures information and offers assurance to the government, regulators, customers and vendors regarding its posture. The IASME Governance Standard is designed to guide the SME where needed and then assess their level of maturity.
Cyber Essentials is an integral part of IASME Governance, which helps to protect organisations against common cyber-attacks.
Cyber Essentials
This is a foundation-level certification specifically designed to provide a self-assessment of the basic controls an organisation requires to mitigate risk from different common cyber threats.
Cyber Essentials Plus
Cyber Essentials Plus involves both internal and external tests of your network and computers. It will involve a visit to your site and provides more assurance that you are complying with the Cyber Essentials Scheme than the basic self-assessment level.