The Cyber Essentials scheme provides businesses small and large with clarity on good basic cyber security practice. By focusing on basic cyber hygiene, your company will be better protected from the most common cyber threats.
Cyber Essentials is for all organisations, of all sizes, and in all sectors - we encourage all to adopt the requirements as appropriate to their business. This is not limited to companies in the private sector, but is also applicable to universities, charities, and public sector organisations.
Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services. Find out more here.
The Cyber Essentials scheme has been developed as part of the UK’s National Cyber Security Programme and in close consultation with industry.
The Cyber Essentials Badge allows your company to advertise the fact that it adheres to a government endorsed standard.
Requires the organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body.
Tests of the systems are carried out by an external certifying body, using a range of tools and techniques.
Whether your organisation seeks to attain either of these or simply to self-assess and apply the controls will depend on your business drivers and the level of rigour you need or want to demonstrate.
Cyber Essentials documents are FREE to download and any organisation can use the guidance to implement essential security controls, but some may want or need to gain independent assurance that they have fully deployed the controls. Organisations that have been successfully independently assessed or tested through the scheme’s assurance framework will attain a Cyber Essentials certification badge. This will help you demonstrate to customers, partners or clients that your company takes cyber security seriously - boosting reputations and providing a competitive selling point.
Cyber Essentials FREE downloads
For more information about Cyber Essentials, please see the Cyber Essentials Scheme Summary.
The Cyber Essentials Requirements document presents important guidance on the most basic technical controls an organisation needs to have in place.
The Cyber Essentials Assurance Framework explains how the independent assessment process works and the different levels of assessment, to enable your organisation to choose which is appropriate. It also provides guidance for security professionals carrying out the assessments.
How do I get a Cyber Essentials badge for my organisation?
For more information on how your organisation can be independently assessed to obtain a Cyber Essentials badge, visit the Cyber Essentials pages on the accrediting bodies' websites: CREST, Information Assurance for Small and Medium Enterprises (IASME) Consortium, QG Management Standards or APMG. Prices for certification are not set by HMG and are largely driven by competition.
How do I become a certifying body?
How do I become an accreditation body?
Organisations wishing to become an accreditation body should contact firstname.lastname@example.org for more detailed requirements and an application form.
Cyber Essentials sets out five security controls which will help all organisations protect themselves against the most common cyber threats. Take this quick test to give you an idea of how you measure up. You can then decide whether to apply for one of the Cyber Essentials badges.