Skyscape’s Cyber Essentials Plus technical assessment was conducted by the NCC Group, following the successful completion of which, certification was awarded by CREST. CESG, the information security arm of GCHQ, engaged CREST to develop and deliver an effective independent technical assessment of the controls outlined in the Cyber Essentials Scheme. Adoption of these controls is estimated to address over 80 percent of current cyber threats, and will make the UK a safer place to conduct business online.
Having been one of the first to successfully complete the self-assessment activities of the Cyber Essentials Scheme, required by IASME, Skyscape was keen to undertake the more thorough independent technical checks which are required to achieve the Cyber Essentials Plus certification. This assessment was focussed on the management, configuration and use of Skyscape’s internal ICT systems, including assessment of end-user devices, and sought to identify whether they could be compromised by a variety of different cyber-attack scenarios.
“As one of the first companies to sign up to the Cyber Essentials Scheme on the day it was launched, we are delighted to be one of the very first to achieve the Cyber Essentials Plus certification,” said John Godwin, head of compliance and information assurance at Skyscape Cloud Services. “From 1st October 2014, the UK Government will require all suppliers that are bidding for contracts that include the handling of certain sensitive and personal information to have successfully completed certification against the Cyber Essentials Scheme. As part of our ongoing commitment to offer secure cloud computing services for the UK public sector, we’re extremely happy to have secured this important validation of our controls well ahead of time.”
The Cyber Essentials Scheme was developed by the Department for Business, Innovation & Skills (BIS) and CESG. “Organisations need to take cyber security seriously, and we applaud companies such as Skyscape Cloud Services who achieve the Cyber Essentials Plus certification,” said Richard Bach, assistant director of cyber security at BIS. “Cyber Essentials and Cyber Essentials Plus enable businesses to demonstrate that they are taking action to control the risks ? critical if they are to protect themselves, their customers and their reputation, and even win business.”
Skyscape recognises that information security is of paramount importance to all of its customers. Its portfolio of assured cloud services have already achieved the highest possible Pan Government Accreditation (PGA) status from CESG – up to and including Impact Level 3 – which remains suitable for all data at OFFICAL (including OFFICIAL SENSITIVE) under the new Government Security Classification Policy. Additional customer assurance is obtained from Skyscape’s ongoing certification to ISO27001, the international Information Security Management System standard, which covers the activities of the whole company, and which is complemented by certifications for ISO9001 (for Quality Management) and ISO20000 (for IT Service Management). Skyscape is a member of the Cloud Security Alliance (CSA), a not-for-profit organisation which aims to develop and promote the use of best practices for providing security assurance within cloud computing environments.