The Cyber Essentials scheme is a world-leading, cost-effective assurance mechanism for organisations to help demonstrate that the most basic cyber security measures are in place. Certification can be achieved at two levels, Cyber Essentials and Cyber Essentials Plus.
The Cyber Essentials scheme is changing as of 1 April 2020. Find out what this means for new and existing customers
Download our free guide
Recent reviews have recommended Cyber Essentials Plus as the minimum standard for healthcare providers and partners to demonstrate that they have implemented the most basic cyber security controls. For more information about the Cyber Essentials scheme and how it can help you guard against the most common cyber threats, download the free guide.
Download now
Vulnerability scans
In addition to a self-assessment of the five security controls and an external vulnerability scan, Cyber Essentials Plus includes an internal network vulnerability scan and an on-site assessment to thoroughly check whether the solutions you have put in place comply with the control requirements.
The National Cyber Security Centre (NCSC), National Data Guardian Review and Smart review highlight the need for all organisations to achieve Cyber Essentials Plus certification by 2021.
“Recommendation 1: All NHS organisations are to develop local action plans to achieve compliance with the Cyber Essentials Plus standard by June 2021, as recommended by the NCSC.”
- William Smart, Chief Information Officer for Health and Social Care, Lessons learned review of the WannaCry Ransomware Cyber Attack
Cyber Essentials Plus and compliance standards
The Data Security and Protection (DSP) Toolkit has now replaced the Information Governance (IG) Toolkit as the compliance standard for all organisations looking to connect to NHS networks.
Cyber Essentials Plus certification satisfies multiple conditions of the DSP Toolkit. Achieving certification will prepopulate many of the compliance statements within the online portal, reducing the time and cost needed to demonstrate compliance.
Click here for more information on the DSP Toolkit >>
The supply chain
Cyber Essentials is as crucial to healthcare industry partners as it is to healthcare providers. Cyber criminals will exploit any vulnerability in the supply chain to gain access to information networks, resulting in unmitigated access to patient records and valuable healthcare data.
Cyber Essentials Plus can minimise the risk of a data breach and demonstrate that your organisation prioritises cyber security, helping you to secure NHS contracts.
NHS industry partners will be required to comply with the DSP Toolkit from April 2018. Cyber Essentials Plus can help speed up the connectivity and supply process by fulfilling and prepopulating compliance statements within the DSP Toolkit portal.
More information on the DSP Toolkit for healthcare industry partners is available from our healthcare experts >>
Why choose IT Governance for Cyber Essentials certification?
IT Governance is the leading CREST-accredited certification body and has awarded hundreds of certifications, with many more companies achieving certification every day. Our Cyber Essentials clients include NHS Professional, Health Management Ltd and the Professional Standards Authority for Health and Social Care.
See the full list of organisations we’ve certified to the Cyber Essentials scheme >>