Alan Calder, Founder and Executive Chairman of IT Governance, says: “The release of the Cyber Essentials Scheme Requirements is a significant milestone in the UK Government’s efforts to create a baseline of cyber security measures. We welcome the fact that the five security controls set by the scheme are based on ISO27001, the international information security management standard.
“Thanks to our long-term involvement with information security management systems, notably ISO27001, we are able to launch new, fit-for-purpose Cyber Essentials services to help implement the government’s Scheme.”
While the document “Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks” has been officially released, the assurance scheme document, currently put forward for public consultation, is still to be released. This means that no organisation can yet certify against the scheme, but companies can start preparing by implementing the five controls.
Calder says, “Although certification against the new scheme is not available yet, companies can benefit from implementing the scheme early. Competitive advantage and better protection from cyber attacks are just some of the benefits early adopters will gain.”
Alan Calder also warns that the new scheme should not be an ‘instead of’, but ‘in addition to’ ISO27001, on which the five controls are based.
“The Cyber Essentials Scheme represents a basic set of controls. It will help companies (especially SMEs) implement minimum cyber security, but for a more significant level of assurance organisations need a more comprehensive approach, in the form of ISO27001. Therefore, my advice is that organisations implement ISO27001 plus the Cyber Essentials Scheme.”
IT Governance’s Cyber Essentials products and services are being designed to help organisations better understand their cyber security stance and fulfil the Cyber Essentials Scheme Requirements.