Obtaining Cyber Essentials Plus certification involves a more rigorous process than the basic Cyber Essentials certification. Here are the steps involved:
- Achieve Cyber Essentials Certification:
  - Complete Initial Certification: Before applying for Cyber Essentials Plus, you must first obtain Cyber Essentials certification. This involves completing a self-assessment questionnaire and meeting the basic cybersecurity controls.
- Prepare for Cyber Essentials Plus:
  - Review Requirements: Understand the additional requirements for Cyber Essentials Plus, which include an external vulnerability assessment and more thorough verification of your cybersecurity practices.
  - Strengthen Security Measures: Ensure that the cybersecurity controls outlined in Cyber Essentials are fully implemented and operational, as they will be assessed in greater detail during the Cyber Essentials Plus process.
- Select an Accredited Certification Body:
  - Choose an Accredited Assessor: Find and select an accredited certification body that offers Cyber Essentials Plus certification. This organization will conduct the necessary vulnerability assessment and testing.
- Undergo a Vulnerability Assessment:
  - Internal Vulnerability Scan: The certification body will conduct an internal vulnerability scan of your organization’s network to identify potential security weaknesses.
  - On-Site Assessment: An assessor may perform an on-site or remote inspection to verify that your cybersecurity measures are effectively implemented and functioning as required.
- Address Identified Issues:
  - Remediate Vulnerabilities: Based on the findings from the vulnerability assessment, address any identified issues or weaknesses. This may involve additional configuration changes, updates, or patches.
  - Re-Test if Necessary: If significant issues are found, you may need to make improvements and undergo re-testing to ensure that all vulnerabilities are addressed and that compliance is achieved.
- Receive Certification:
  - Certification Awarded: Once the assessment is complete and any necessary issues have been resolved, the certification body will award your organization Cyber Essentials Plus certification.
- Maintain Certification:
  - Regular Reviews: Continuously monitor and review your cybersecurity measures to ensure ongoing compliance with Cyber Essentials Plus standards.
  - Annual Recertification: Prepare for annual recertification by repeating the vulnerability assessment and addressing any new or evolving threats.
- Leverage Your Certification:
  - Promote Your Achievement: Use your Cyber Essentials Plus certification to enhance your organization’s credibility and demonstrate a higher level of cybersecurity commitment to clients, partners, and stakeholders.

By following these steps, you can successfully achieve and maintain Cyber Essentials Plus certification, demonstrating a robust approach to cybersecurity and improving your organization’s overall security posture.