Cyber Essentials Plus follows the same principles as Cyber Essentials but adds Independent Testing, which requires an on-site technical assessment. The self-assessment questionnaire and external vulnerability scan are utilised, as with the Basic level. However, DigitalXRAID use specially tailored vulnerability criteria, targeting your organisation’s internet-facing infrastructure, workstations and servers. These tests will highlight any security issues that were not captured in the self-assessment. This will also provide you with peace of mind that your current software builds and software are meeting minimum security requirements.
The time required to complete Cyber Essentials Plus depends on the size of your organisation; however, a minimum of 3 days will be required to complete the assessment, reporting and certification process.
Cyber Essentials Plus is the more extensive Cyber Essentials package, due to the addition of a technical assessment. By showing you’ve undertaken a more thorough check, you’re providing greater confidence to organisation associates that you’re able to protect your own assets and give great consideration to your cyber security. Being advocates of best security practice, we would recommend Cyber Essentials Plus for all organisations of any size. It provides a thorough and impartial validation of your organisation’s present security exposure, giving senior stakeholders greater assurance.
With either certification, you will decide the systems and devices to be in the scope of your assessment. It may be that you only wish to include the desktop environment and omit mobile (BYOD) devices. All areas of the Cyber Essentials Plus questionnaire are compulsory and guidance on the pass/fail criteria is provided.
Included Cyber Essentials Technical Guides
DigitalXRAID provides a comprehensive Cyber Essentials Plus guide to all customers:
– Detailed yet clear security walkthroughs to ensure you meet the on-site requirements before the assessment.
– Covers the process of implementing a secure software restriction policy
– How to perform your own vulnerability assessment before the on-site test
– Patch management strategy outlining common failure points
– Outlines workstation preparation requirements before the assessment.
What to expect from the on-site Assessment
– Production of a report which provides clear, measurable results
– Award of the certification, if achieved
The DigitalXRAID approach to Cyber Essentials Plus also includes:
– In-depth review and verification of self-assessment questionnaire
– External vulnerability assessment: a scan of your internet-facing infrastructure
– Vulnerability scan of internal systems
– Email virus delivery check
– Malicious code web download check
The self-assessment questionnaire serves two main purposes for your organisation:
– Provides your organisation with technical scoping information
– Gives your organisation the opportunity to assess your current security measures against industry best practice. The information provided during the certification process can be used to develop your cyber security systems, and should be incorporated into your organisation’s business planning for the future.