Think Compliance? Think Uptech
The Cyber Essentials Scheme
Cyber Essentials is a government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of common cyber attacks. These five controls cover boundary firewalls and Internet gateways, secure configuration, access controls, patch management and malware protection.
There are 2 levels of Cyber Essentials certification available for your organisation: Cyber Essentials and Cyber Essentials Plus.
The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) around the adoption of the five controls, as well as an external vulnerability scan of the externally facing IP addresses. The external vulnerability scan provides independent verification of your cyber security status and is only offered as part of a CREST-accredited Cyber Essentials certification.
Cyber Essentials Plus
The Cyber Essentials Plus certification includes all of the assessments for the Cyber Essentials certification and adds a technical review of the organisation's workstations and an on-site assessment. Cyber Essentials Plus is a more thorough assessment of the organisation and, as a result, may provide greater security assurance.
As an IT Governance partner, we can help take you through the CREST-accredited version of the scheme.
EU General Data Protection Regulation
The General Data Protection Regulation (GDPR) will be enforced from 25th May 2018. UK organisations that process the personal data of EU residents have only a short time to ensure that they are compliant.
Introduced to keep pace with the modern digital landscape, the GDPR is more extensive in scope and application than the current Data Protection Act (DPA). The Regulation extends the data rights of individuals, and requires organisations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organisational measures.
Penalties under the GDPR
The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million - whichever is greater.
Our partnership with IT Governance means that we can offer a comprehensive suite of information resources, solutions and consultancy services that help organisations prepare for the GDPR.