The Cyber Essentials Scheme is changing

The Cyber Essentials Scheme is changing

But don’t panic!

The National Cyber Security Centre (NCSC) has announced a change to the way the Cyber Essentials scheme will be delivered.

First of all, if you have been certified by Greyfield Consultancy Services Ltd, who are already accredited by IASME to provide certifications for the Cyber Essentials scheme, there will be no change to your service.

Even if you have been certified by an organisation under one of the other Accreditation Bodies then in all likelihood they in turn will seek authorisation from IASME too, and so similarly there will probably be no change to your existing arrangements: if you are in any doubt we recommend that you first contact your existing certification body.

So what’s happening?

The IASME Consortium Ltd is one of 5 Accreditation Bodies (ABs) that currently operates the scheme. In turn, these ABs appoint, manage and oversee the various Certification Bodies (CBs) that provide the actual Cyber Essentials assessments and certifications.

IASME will take over full responsibility for Cyber Essentials delivery from 1 April 2020 as the sole industry partner of NCSC for the scheme.

IASME was one of the original contributors in the development of Cyber Essentials, and has been an Accreditation Body since the Cyber Essentials scheme was launched in 2014.

Why is this happening?

An important aspect of the Cyber Essential scheme is that it is continually monitored and reviewed to ensure that it remains relevant, effective and achievable, with the aim of helping to “make the UK one of the safest places to live and do business-on line”.

As such the NCSC have been planning to make improvements to the scheme. These include, amongst other things, the following aims:

  • increase the adoption of Cyber Essentials, particularly amongst small and medium sized organisations;
  • provide a simplified and consistent operating model;
  • establish minimum criteria for Certification Bodies and Cyber Essentials assessors.

In order to achieve these and other improvements, the NCSC sought to appoint an industry partner to work with, and following a competition, the NCSC have awarded a 5-year contract to IASME to be the new Cyber Essentials Partner from April 2020.

What does this mean for me?

In short, it’s business as usual. Greyfield Consultancy Services Ltd. are already authorised by IASME to provide certifications to the Cyber Essentials scheme and so there will be no change for our clients in the delivery of assessment and certification. Other Certification Bodies are expected to transition to also become authorised by IASME, and so customers of these organisations may continue with their existing arrangements. All certifications remain valid and Certification Bodies will contact applicants as they approach their renewal time as normal.

The price of the Cyber Essentials basic assessment remains at the fixed price of £300 + VAT (the price of a Cyber Essentials Plus assessment will depend on the size and scope of an organisation’s infrastructure). The question set itself has always been subject to regular review and will now become consistent across all Certification Bodies, but is not expected to change significantly.

For further details please see the IASME and NCSC websites.

The FAQ for these changes can also be found here.