Companies, charities and not-for-profit organisations will be able to certify that their internet security measures are fit for purpose using a new government accreditation scheme.
The Cyber Essentials Scheme provides a five-point framework against which organisations can check they are meeting the minimum requirements to protect against online threats. Organisations will also be able to receive independent accreditation under the scheme to reassure customers that they are implementing the security measures.
Cyber Essentials was launched last month and advises on the following areas of Internet security:
- Boundary firewalls and Internet gateways.
- Secure configuration of devices.
- Internal user access control.
- Malware protection.
- Keeping software up to date with the latest security patches.
The proposed assurance framework whereby organisations can be accredited against the scheme is expected to be available by this summer. There will be three tiers of accreditation: bronze, silver and gold.
Bronze accreditation will be done on a self-assessment basis, certified by the head of an organisation and then verified by independent professionals. The silver tier will require independent testing and provide a snapshot of a company's security measures. The gold standard will involve the same independent testing, plus an assessment of ongoing governance and processes to ensure the measures remain in place over time.