Companies, charities and not-for-profit organisations will be able to certify that their internet security measures are fit for purpose using a new Government accreditation scheme.
The Cyber Essentials Scheme provides a five-point framework against which organisations can check they are meeting the minimum requirements to protect against online threats. Organisations will also be able to receive independent accreditation under the scheme to reassure customers that they are implementing the security measures.
Cyber Essentials was launched last month and advises on the following areas of internet security:
- Boundary firewalls and internet gateways
- Secure configuration of devices
- Internal user access control
- Malware protection
- Keeping software up to date with the latest security patches
The proposed assurance framework whereby organisations can be accredited against the scheme is expected to be available by this summer. There will be three tiers of accreditation: bronze, silver and gold.
Bronze accreditation will be done on a self-assessment basis, certified by the head of an organisation and then verified by independent professionals. The silver tier will require independent testing and provide a snapshot of a company's security measures. The gold standard will have the same independent testing but will also include an assessment of the ongoing governance and processes to ensure the measures will remain in place over time.
As the name suggests, the Cyber Essentials Scheme represents the basic steps which all organisations should take to protect themselves online. It will be particularly useful to SMEs, as larger companies may need more comprehensive protection measures.
In addition, by securing accreditation on the scheme, organisations can go some way to complying with their obligations under Data Protection law to ensure that personal data is stored securely. Depending on the sensitivity and size of personal data, accreditation may not be sufficient to meet all Data Protection requirements, but as a Government scheme, Cyber Essentials is a good first step for all organisations.
Full details of the Cyber Essentials Scheme can be found here: Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks.