This is a government initiative using a self-assessment scheme on an annual renewal basis.
If you’re a really smart business person, you take something that you need to do with no apparent benefit and get some business advantage from it.
You need to adhere to some security constraints, so why not take a government-designed process instead of creating your own, and then get a nice badge you can put on your website, stationery and email signatures that immediately boosts the confidence of the partners with whom you communicate? It instils confidence in your correspondents and probably puts you a notch above the competition.
Bottom line – This is a self-certification using a questionnaire. If you tick all the boxes without confirming, it’s worthless. However, it’s a good framework for doing what actually needs to be done, and that alone could save a lot of time, effort and money.
Lorica can help you complete the questionnaire. Obviously, there may well be areas of your IT infrastructure that need updating to comply, and it’ll involve introducing procedures and training for your staff, but it’s all stuff we would strongly recommend you do anyway. There’s a set fee and the process needs to be repeated every 12 months.
Here’s an option worth considering. Lorica are authorised distributors for CyberSmart. This is a service with an agent that is installed on each PC and keeps an eye on things, helping you maintain compliance. It’s almost like another piece of software that does the things an antivirus program doesn’t do, the things you might otherwise be trusting your users to do.
It’s only a certification.
Cyber Essentials can be obtained by just completing the questionnaire with the correct answers. If you do that, it’ll only cost you the £300 per year fee and the consultancy time or employee time involved. However, that’s pointless.
You need to think of it as a formalisation of the compliance procedure and a well thought out set of guidelines to work to. Once complete, you’ll have peace of mind that you’ve followed best practice and the added benefit of being able to shout about your compliance and instil confidence with your customers.
The cheapest and simplest scenario is that your IT infrastructure, users and procedures are all in place and up to standard. You download the questionnaire, answer everything, submit it and in a few days get your certification.
More realistic is that you’ll work through the questionnaire and be able to comply with many aspects, but will discover many things that you need to change, some of which you may be aware of and others that you aren’t.
What you’ll have to pay for
The following:
- The annual cost of the certification
- Labour time to complete the assessment
- Labour time to identify the required action, then plan and implement, plus any costs involved.
Lorica are here to help. If you’re a client, we know your systems and have much of it documented. We also know which areas you’re likely to need to attend to, which saves time.
Using CyberSmart will take a chunk of work out of the process. It assists greatly with the most difficult area: your users.
Please take a look at our PDF, which you can download from here:
The basic cost of the certification is £300 per year.
Your costs on top need to cover gathering, documenting and checking your IT infrastructure security AND any improvements, additions or changes that it will require.
In actual fact, the certification cost is very little. The cost of meeting compliance will be greater but, in real terms, it is the cost of what you need to be doing anyway, irrespective of the certification.
Complete the contact form for more information, an informal chat or a full assessment of what your company needs to do to obtain this valuable qualification. Our contact page is here.