The way the Cyber Essentials scheme is run has changed significantly during 2020. Grant McGregor Ltd has now published a short guide to explain the changes and how they might affect you.

The UK Government’s Cyber Essentials scheme to help small businesses beef up their cyber security has been hugely successful.

The scheme comes under the remit of the National Cyber Security Centre, a part of GCHQ. It launched the scheme in June 2014 the scheme as part of its mission to “make the UK one of the safest places to live and do business online”.

Since then, over 30,000 UK businesses have gained a Cyber Essentials certification and this number continues to grow year on year.

How has Cyber Essentials changed?

Last year, GCHQ announced that it was changing the way the scheme is operated in order to ensure greater consistency throughout the whole of the UK.

Rather than the five Accreditation Bodies that previously ran the scheme, NCSC wanted a single Partner that would manage all Cyber Essentials certifications.

The IASME Consortium was awarded Cyber Essentials Partner status in October 2019. Now, as of April 1, 2020, IASME has been responsible for the administration and management of the Cyber Essentials and Cyber Essentials Plus schemes.

What do these recent changes mean for small and mid-size businesses?

The scheme itself is not changing as it has proved a very successful mechanism for closing the most common gaps in cyber security for small and mid-size businesses.

The five technical controls which form the basis of Cyber Essentials remain the same.

The benefits of the scheme themselves won’t change. As well as helping to drive improvements to cyber security via people, processes and systems, the achievement of a verified self-assessed Cyber Essentials certification will still qualify small and mid-size businesses with a turnover of less than £20 million for the free Cyber Liability insurance cover.

What is changing is the way the scheme is standardised and how it is administered. All Certification Bodies, the organisations such as Grant McGregor who help their customers navigate through the scheme, will now work under a single Accreditation Body, IASME.

Because most existing Certification Bodies, including ourselves, are continuing to operate as Certification Bodies under the new operating model, when it becomes time to renew or embark on a new Cyber Essentials certification, you may be able to do this through your existing Certification Body.

However, if your Certification Body wasn’t working with IASME prior to April this year, you may notice some changes to the way the scheme is administered while the different organisations work to align their processes with the new way of working. Our new guide details some of the changes you may notice.

Grab your free copy below:

Why it’s more important than ever to keep your Cyber Essentials certification up to date

If you have certified once, it should be relatively simple for you to re-certify.

It’s important to keep your certification current for a number of key reasons:

• You will only be listed as Cyber Essentials certified on the Government website for one year from the date of your certification unless you renew. This is increasingly important for demonstrating your commitment to good cyber security and data processing, especially for bids and tenders, and especially for contracts with the public sector.

• You’ll need your Cyber Essentials certificate to be issued within the last year if it is to be taken into account by the ICO in the case of you having a data breach.

• There’s a financial incentive too: the Cyber Liability Insurance cover which is awarded to all UK SMEs (those under a £20m turnover) when they achieve Cyber Essentials only lasts for a year. It can’t be renewed unless the organisation re-certifies to Cyber Essentials.

Sometimes the re-certification process can be a little more complicated, for example if you have had major infrastructure changes or your software has gone out of support. With so many staff working from home now (even if temporarily), these changes will affect your scope for Cyber Essentials / Plus.

However, even in such a scenario, the Grant McGregor team is always on hand to support you throughout your Cyber Essentials or Cyber Essentials Plus certification process, just as we can with many of your other cyber-security and IT related concerns.

Find out more about the changes by getting your free guide below.

You can also find out more about how the Grant McGregor Cyber Team can help you through your Cyber Essentials certification process here.