243 days is the average amount of time a hacker is in a network before being discovered
Speak to the Risk Factory Foreman, and he'll tell you everything you need to know.
Call us on 0800 978 8139
Cyber Essentials is a scheme that has been developed by the Government and industry to help protect organisations against common online attacks. Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services. It defines a focused set of controls which will provide cost-effective, basic cyber security for organisations of all sizes. Through the Assurance Framework, it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions. There are two types of certification available: Cyber Essentials and Cyber Essentials Plus.
Cyber Essentials Plus offers a higher level of assurance to customers, partners and other stakeholders that the organisation has implemented controls that meet the Government's recommended base level of cyber hygiene. The assessment comprises a manual review and verification of your company's submitted responses and associated evidence. A vulnerability assessment is conducted on your system to support the responses and evidence provided in your self-assessment. The rigorous nature of this assessment is due to your organisation using ICT services as a core deliverable rather than a business enabler. In the event that your organisation fails the assessment, it has 30 days to remediate the identified vulnerabilities and resubmit without charge.
Cyber Essentials concentrates on five key controls. These are:
The assessment process is a 'snapshot' in time, and it can only be sure to be effective on the day of assessment, as new vulnerabilities are continuously being identified. Organisations must maintain the principles of the scheme on an ongoing basis (for example, ensuring that patching always occurs in a timely fashion and that malware protection is kept up to date) and not just prepare for the assessment. As a minimum, to retain the certification, organisations must recertify annually.
Once Risk Factory has completed an on-site assessment of your responses against the criteria and your organisation passes, we will issue you a Cyber Essentials Plus Certificate of Compliance, valid for one year from the date of issue.
After you place the order with us, you will be contacted by our Factory Foreman, who will send you the application to complete and request the IP addresses associated with the systems and/or websites in scope of the certification. The questionnaire form must be completed and submitted with evidence (screenshots) for each response.