Cyber Essentials (CE) sets out the basic controls all organisations should have in place to prevent and manage common cyber threats. Organisations can be assessed and certified against the scheme, thereby demonstrating their compliance to customers and partners. Since October 2014, CE certification has been mandated for organisations bidding on most government contracts as announced in Procurement Policy Note 09/14.
Cyber Essentials Plus (CE+) is a more rigorous level of assessment, including external testing.
At 3SDL we help organisations achieve CE and CE+, allowing them to continue winning government business. We understand the common issues and the best routes to certification. We are a licensed and trained Certification Body for both CE and CE+, with staff able to support you through assessment. We have supported over 20 companies in achieving CE certification.
Requirements For MOD Suppliers
Since January 2016, CE certification is required for suppliers being awarded MOD contracts, as announced in Industry Security Notice ISN2016/01.
From Mid-2016, the MOD's Cyber Security Model will require CE+ certification for all but the most basic contracts. The model will also require additional controls as specified in Defence Standard 05-138 for many suppliers. Sub-contractors are not exempt and primes must ensure their supply chain complies. For Small and Medium organisations, IASME certification can offer an efficient route to demonstrating compliance with these additional requirements.
3SDL is a MOD supplier, a CE/CE+ certification body, an IASME certification body and our staff supported development of the MOD’s Cyber Security Model. We currently provide advice and support to MOD suppliers of all sizes wishing to achieve certification. We also work with larger primes to educate and bring diverse supply chains up to the required level of compliance.
If you would like advice or guidance on CE, CE+ or the MOD’s Cyber Security Model including Defence Standard 05-138, please contact Sam Eaton-Rosen on 01684 878 170 or firstname.lastname@example.org
Cyber Essentials Scheme Government Site.
UK Defence Standardization (DSTAN) Website for access to Defence Standard 05-138 (registration required).