The UK government has launched a new cyber security scheme called Cyber Essentials. Under the scheme, organisations can apply for one of two levels of certification: Cyber Essentials and Cyber Essentials Plus. An organization that has been successfully assessed will obtain a certification badge and will be allowed to advertise the fact that it adheres to a UK-government-endorsed standard. A summary, which outlines the scheme, has been published. Also available is a requirements document which provides guidance on the most basic technical controls an organization needs to have in place, and anassurance framework explaining how the independent assessment process works.

Beginning October 1, 2014, the UK government will require all suppliers bidding for government contracts that are assessed as “higher risk” to be Cyber Essentials certified. It is expected that the suppliers and contracts likely to be affected will be those in the IT managed or outsourced services, commercial services, financial services, legal services, HR services, and business services sectors.

TIP: Businesses operating in the UK may want to consider obtaining a Cyber Essentials certification. Businesses that supply services involving the handling of personal and/or sensitive information to the UK government must have this certification by October 1, 2014.