The Department for Business, Innovation and Skills (BIS), the UK government department responsible for economic growth, has launched a certification scheme for cybersecurity measures that organisations have in place.
The Cyber Essentials award, part of the UK Government's National Cyber Security Strategy, will allow businesses to show they have measures in place designed to help defend against common cyber-threats such as the recent GOZeus and CryptoLocker malware attacks. Previously, there had been no single recognised cybersecurity assurance certification suitable for all businesses to adopt.
From 1 October, the UK government will require all suppliers bidding for certain contracts assessed as “higher risk” to be Cyber Essentials certified. These contracts are likely to be from the following sectors: IT managed or outsourced services, commercial services, financial services, legal services, HR services and business services.
Organisations can apply for either Cyber Essentials certification, which requires the organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body, or Cyber Essentials Plus certification, in which tests of the organisation's systems are carried out by an external certifying body.