Cyber Essentials

Cyber Essentials

Riverbank use Cyber Essentials as the baseline security standard for our clients to help protect themselves against cyber-attack. It is useful because it is a government created scheme and enables Riverbank to measure our customers IT security against what GCHQ recommends for business. Therefore, it is an independent and transparent standard trusted by businesses and government agencies in the UK.

What is Cyber Essentials?

Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber-attacks.

There are two options:

  • Cyber Essentials
  • Cyber Essentials Plus

The ‘Plus’ option includes verification by an external auditor; it has a higher standard and is more onerous than the standard Cyber Essentials. Regardless of which one you want or need; your business will start with Cyber Essentials and then progress onto Cyber Essentials Plus.

Riverbank work with IASME, one of five companies appointed as Accreditation Bodies for assessing and certifying against the Government's Cyber Essentials Scheme. IASME also offers a GDPR Readiness certificate, so our clients often achieve a combination of certification: Cyber Essentials with GDPR readiness certificate.

CyberEssentials_chart_Transparent-800x800-1

Why Cyber Essentials?

Achieving the Cyber Essentials certification shows your commitment to IT security. It demonstrates to your customers and potential customers that you have the systems and procedures in place to protect your organisation and your data. You can use the Cyber Essentials logo on your web site and other marketing materials, and you will also be listed on the government’s Cyber Essentials web site.

If you want to bid for government contracts, you will need a Cyber Essentials accreditation.

IT security breaches are extremely painful and can be very costly in terms of finance and reputation. While the Cyber Essentials certification does not guarantee protection, it is a great tool to make sure you have assessed the risks and taken appropriate measures.

It is best practice for businesses to perform an annual IT security health check. By submitting to the Cyber Essentials certification process, you can make sure this gets done and benefit from the certification at the end of it.

How Riverbank can help

Cyber Essentials is a self-assessment process. So, while you can take a do-it-yourself approach, many organisations need professional guidance to carry out a gap analysis to identify the areas of non-conformance. Most importantly, they need help to take the most appropriate remedial action to protect themselves without adding excessive friction to their business.

Riverbank will take you right through the process. A typical Cyber Essentials project runs like this:

  • Our consultant will meet with you and ask all the questions required and look at your IT infrastructure to assess your IT security positioning against the Cyber Essentials standard.
  • The activity will produce a gap analysis report on the things required to do, these could be new technical solutions, adjustments on existing technical solutions or IT security policy adjustments. Of course, it could be that there are no gaps but on the initial audit there are normally some security gaps.
  • If there are any technical gaps, we will meet with you to decide how best to resolve them.
  • Once the technical gaps have been filled and the self-assessment questionnaire has been completed, we submit the application and when approved you will receive the Cyber Essentials certificate.

After that, we can continue to work with you to monitor and manage your IT security and we will help you manage your annual renewal.

More information

https://www.gov.uk/government/publications/cyber-essentials-scheme-overview