From the beginning of October, many businesses that supply the government must conform to its new Cyber Essentials standards.
The new rules apply if you’re bidding for government contracts that involve handling sensitive or personal information, or providing certain technical products or services.
Cyber Essentials is a pair of new ‘kitemarks’ for cyber security. There are two levels:
- Cyber Essentials, which requires you to complete a questionnaire that gets reviewed by an external certifying body.
- Cyber Essentials Plus, which will see your IT systems actually tested for security issues and weaknesses.
These standards are designed to provide a good foundation in security. In a world where many organisations still don’t give enough thought to how they handle information, they aim to drive up basic security, ultimately keeping sensitive data safer from hackers and other threats.
Once your business has achieved one of the two Cyber Essentials levels, you’ll be awarded a certificate and gain the right to show the relevant Cyber Essentials badge on your marketing materials.
It’s still early days, but in time, it’s hoped these logos could become recognisable, reassuring potential customers that your business takes data security seriously.
In any case, it’s probably fair to say that these two standards formalise what would be a prudent approach to security in any case.
“Cyber Essentials is genuinely the minimum level of cyber security that every organisation should have in place,” confirms Alan Calder, founder of IT Governance.
So, no matter whether or not you’re planning to bid for government work, getting accredited could be a good way to give your security precautions a once-over.
If you’re interested in achieving one of the Cyber Essentials standards, you can learn more from the Cyber Essentials website.