Understand which networks and devices fall within the scope of Cyber Essentials. This includes remote offices, serviced offices, home workers and your main business headquarters. Devices include desktops, laptops, tablets, thin clients and mobile phones (if used for company data).
Review your IT Security Policies and Procedures to see if they currently meet the requirements of the Cyber Essentials Controls. You may need to change how certain things are done or managed to meet Cyber Essentials requirements, and those changes should be reflected in your IT Security Policies and Procedures. Examples of such policies include a Password Policy or an Administrator Access Policy.
Complete and submit the Cyber Essentials Questionnaire. You will be notified if the questionnaire needs adjustments and if any alterations need to be implemented. You can then provide the required information, implement the required changes and resubmit the questionnaire.
Once you are Cyber Essentials Certified, the work continues. Your organisation must make sure all controls, policies and procedures put in place are adhered to. Review your Cyber Essentials Dashboard to check the status and ensure devices under the assessment scope continue to be compliant. Review your policies regularly to ensure they still meet both your own requirements and those of Cyber Essentials.
Cyber Essentials Certification is an annual commitment and will need to be renewed. As new threats emerge, additional controls may be added to the Cyber Essentials requirements. Be aware of any other changes and implement the necessary controls and procedures to meet these requirements before submitting the newly released questionnaire.
Are you looking to take your cyber security approach even further? Why not consider Cyber Essentials+? This certification puts everything you have put in place for Cyber Essentials to the test. An independent auditor will assess if the steps have been implemented to ensure your organisation is secure.