Downloads: Free Remote Support: Click here  Remote Monitoring: Click here


Cyber Essentials Bull-IT-in No 1/2017 

DON'T BE CAUGHT OUT – be IT Wiser about:-

  1. 1. Cyber-crime prevention. Usually costly for victims and disruptive. Difficult to eradicate but Cyber Essentials minimises risk and accepted as best practice under new rules.

  2. 2. The new data protection rules (commonly referred to as GDPR) become fully effective by May 2018 extending, amongst other matters equally as important, the reporting requirements where any personal data held is compromised or lost. Full details of what’s new can be found at the following link:
Sanctions for data breeches are fines of up to 4% of global turnover and automatic disclosure of the event with the action taken published on a publicly available 'name and shame' list which can be found at the link below:

These rules also extend your responsibility for any loss by any third parties such as suppliers and customers of personal data you have supplied to them. The GDPR encourages the use of cyber security best practices and endorses for this purpose the use of approved codes of conduct and certification mechanisms to demonstrate that you comply.

Cyber Essentials and Information Assurance for SME (IASME) are one of the standards to be adopted to measure compliance with GDPR requirements for SME’s. Cyber Essentials is a Government initiative led by GCHQ to come up with a minimum standard of security for commercial IT systems that also provides a certification process to evidence the standard has been achieved.

As GDPR rules extend to data given to third parties, evidence of certification is fast becoming a requirement for any one dealing with Government departments, Local Authorities’, Health and Education trusts, and anything involving public funding including FTSE 100 companies. LEXCEL (on behalf of the Solicitors Regulation Authority) have adopted Cyber Essentials as best practice and is also fast being adopted as a pre-condition of insurance by insurers especially for Cyber or loss of data cover.

Therefore, the essential messages to put across at this stage are

1. That any commercial enterprise hoping to either continue dealing with or tendering for new work with any publicly funded operation in future is going to have to show its IT systems are compliant to at least Cyber Essentials Plus standard.

2. Obtaining Cyber Essentials Plus certification is not as simple as filling in the questionnaire. That is just the start of the process which in most cases to date have meant some degree of further investment in infrastructure software and introduction of control procedures for which there is a lead time to implement and which dependent upon what's needed can involve significant cost as well as time.

3. Being able to evidence Cyber Essentials certification ensures compliance with cyber security best practises under GDPR.

4. Finding someone to provide the certificate for both Cyber Essentials and IASME could become the next problem. We are currently one of only two companies that have become Certification Bodies for Cyber Essentials through IASME in West and North Yorkshire, and Lancashire, outside of Manchester and with increasing demand a waiting list could quickly emerge.

Action Point

With the above in mind we recommend you bring Cyber Essentials to the attention of anyone likely to be needing this going forward and put them ahead of the game by getting their application in for certification as soon as possible given the likely delays through demand for this and lead times needed for preparation.

Find more information about the Cyber Essentials initiative IASME and GDPR at

We are happy to field any queries or enquiries as they arise.

The Register