The NEBRC has announced this week that it has attained Cyber Essentials Self-Assessment certification.
Cyber Essentials aims to help organisations implement basic levels of protection against cyber attack, demonstrating to their customers that they take cyber security seriously.
The scheme is available at two levels:
· Cyber Essentials - an independently verified self-assessment. Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.
· Cyber Essentials PLUS – a higher level of assurance. A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking and phishing attacks.
The five basic controls within Cyber Essentials were chosen because, when properly implemented, they will help to protect against unskilled internet-based attackers using commodity capabilities – which are freely available on the internet.
Organisations that undertake Cyber Essentials are encouraged to re-certify at least once a year and, where appropriate, progress their security.
Commenting on the news, Superintendent Rebecca Chapman, Director of NEBRC said:
“This is a big milestone for the NEBRC: we are extremely proud to have achieved our own Cyber Essentials Self-Assessment Certification. “But this is about much more than just practicing what we preach - as part of this process we wanted to confirm that we completely understand the journey we are asking our customers to undertake, while at the same time operating at this standard ourselves. “In addition, having gone through the application process ourselves, we wanted to validate that we fully understand what IASME are looking for and why, as well as demonstrating to our customers and partners that are working in a safe and secure manner.”
The NEBRC recently announced the first of the organisation’s Trusted Partners: nationally recognised Certification Bodies approved by IASME, the national certifying body appointed by the Government to oversee Cyber Essentials Basic and Plus assessments on behalf of the National Cyber Security Centre (NCSC).
Since 1 October 2014, Cyber Essentials became a minimum requirement for bidding for some government contracts (https://www.gov.uk/government/publications/procurement-policy-note-0914-cyber-essentials-scheme-certification
For further information please see www.cyberstreetwise.com\cyberessentials