From 1st April 2020, the delivery of the Cyber Essentials scheme will change to a single Cyber Essentials Partner, IASME Consortium. We previously delivered certification to Cyber Essentials through APMG. With the move to IASME you may notice some differences in the way your re-certification is conducted.
To continue to deliver Cyber Essentials certification, from 1st April, Specialist Industries Ltd has been trained and licensed by IASME. The IASME website, www.iasme.co.uk, lists all those Certification Bodies licensed to deliver under the new arrangements.
The change means that all certifications carried out from 1st April* will be evaluated using the IASME question set and assessment guidelines. The fundamental requirements of the Cyber Essentials scheme (the five technical controls) will remain the same.
With the change from APMG, there are some small differences of which you should be aware:
- Some of the questions in the self-assessment aspect will require a yes/no answer but others may need a couple of sentences of information. The information provided will be used by the assessor to ensure you have the appropriate technical controls in place that address the question being posed.
- You will not be required to upload any documentation such as policies or procedures. You will only need to upload the signed declaration at the end to confirm that the answers given are true.
- Remember, all staff-owned devices will need to be included in the scope of your assessment if they access your business data, including email.
- Any servers that are connected to the internet will need to be included within the scope of your assessment.
- For the Cyber Essentials assessment, a vulnerability scan is not required. This is only required at the Cyber Essentials Plus level.
- An IT system and its related security can change significantly over the course of a year. In that regard, rather than rely on a repeat of the previous year's answers, an IASME assessment will require you to enter your answers each year.
- The cost for assessment to Cyber Essentials basic certification will be capped at £300 + VAT, but Certification Bodies may charge you extra for support or extra services.
Cyber Essentials is a Government-owned scheme. For more details on the reasons behind the change to a sole Cyber Essentials Partner, please see the following blogs:
https://www.ncsc.gov.uk/blog-post/bare-essential
https://www.ncsc.gov.uk/blog-post/announcing-iasme-consortium-as-our-new-cyber-essentials-partner
Please do contact IASME or Specialist Industries should you require any further information regarding the above.
*Organisations that apply for Cyber Essentials ahead of 1st April will have 3 months to complete their certification through a non-IASME organisation (APMG, Crest, IRM or QG Management). For example, an organisation applying for certification on 31 March 2020 will have until 30th June 2020 to submit their assessment.