Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations in all sectors. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber-attacks.
Cyber-attacks cost organisations thousands of pounds and cause lengthy periods of disruption. Do you have a plan for what you would do if your customer database was stolen, your website was forced offline, or you couldn’t access your email or business-critical data?
Cyber criminals don’t just attack banks and large companies – they target any organisation which isn’t properly protected, even small businesses.
Most cyber-attacks exploit basic weaknesses in your IT systems and software. Cyber Essentials shows you how to address those basics and prevent the most common attacks. The scheme is designed by the Government to make it easy for you to protect yourself.
Can we submit the questionnaire without any assistance?
Yes, companies can complete the questionnaire by themselves and pay the £300 + VAT certification charge. However, if your application is rejected you will be required to submit the application again and pay a further £300 + VAT certification charge. If your application is rejected for a second time your account will be frozen for 30 days and no further applications can be submitted during this time.
How much detail do you need to include in your answers to the questionnaire?
All answers must include detailed and accurate content to substantiate that your network passes the criteria. Evidence is also required to support your claims.
Do you carry out the work onsite or remotely?
All accreditations require a minimum of 1 day onsite. In order to complete the questionnaire properly this requires onsite technical knowledge and an understanding of your network.
Can you guarantee our company will pass?
We cannot guarantee a pass but to date we have had a 100% success rate with applications. We will not submit your application for accreditation until we are confident that you pass the criteria.
How much technical knowledge does VectorCloud expect from the customer?
Our aim is to guide you through the process and help answer and document all the evidence. You do not need to be a technical expert as any questions you are unable to answer we can investigate further as part of the process.
If our systems do not pass part of the questionnaire what would happen next?
When completing the questionnaire if we find an area of weakness within your network we would advise you as a company how to put the correct measures into play. Should hardware or software be required we can happily assist. We would stress however you are under no obligation to use VectorCloud. Once the system has been brought up to standard we can then continue with your application.
Is there an ongoing cost for Cyber Essentials?
Once accredited you are required to resubmit your questionnaire on an annual basis with updated evidence. Therefore, going forward, you will have an annual cost. VectorCloud prefer to invoice you annually but allow you to pay by direct debit over 12 months.
What is the cost of Cyber Essentials accreditation?
The cost is made up of a fixed certification charge and an ‘Expert Advice and Guidance’ element which depends on the size and complexity of your business. 1 day onsite assistance/consultancy from an experienced and qualified practitioner who will work with you around the Cyber Essentials criteria.
The certification charge is £300 plus VAT.
The table below indicates the full cost:
|Size of business
|Total (Ex VAT)
|Payable Monthly (Ex VAT)
25 May 2018
The certificate is issued after submission of a successful self-assessment questionnaire. We investigate your IT network and procedures and fill out a draft of the assessment questionnaire. We review this draft with you and discuss areas where security should be improved. When any required changes have been implemented we then update the assessment and submit the questionnaire on your behalf for certification.
Reduce risks and contain threats
By putting basic cyber security controls in place, you greatly reduce the risk to your business of a costly cyber security breach or hack.
Open doors to new contracts
Tender for government contracts that require a certified supplier. Most government, Ministry of Defence and PLC tendering contracts insist on Cyber essentials or Cyber Essential Plus as part of their tendering criteria.
Keep in front of your competitors
Differentiate your business from your competitors with a recognized security certification.
Reassurance in the supply chain
Let your suppliers, clients and insurers know that you take data security seriously.
GDPR is intended to strengthen and unify data protection for all individuals within the European Union. Coming into effect on May 25, 2018, it is the most important change in data privacy and security regulation in 20 years. Cyber Essentials certification will help you to avoid suffering an attack or being penalised for a lack of action. It is also worth noting that fines are likely to be much higher when the new General Data Protection Regulation (GDPR) comes into force next year.