Cyber Essentials Plus 2021 – what are the changes?

Cyber Essentials Plus 2021 – what are the changes?

31st March 2021 Brigantia

Many businesses will be familiar with the Cyber Essentials certification but are less aware of Cyber Essentials Plus and how it differs.

Cyber Essentials Plus is based on the exact same framework as Cyber Essentials, but the information required to pass is obtained in a vastly different way. By design, neither the MSP nor the client can be involved. For this, a third-party IASME accredited auditor is required.

In the first few months of the year, we have seen the demand for Cyber Essentials Plus rapidly increase. This increase can be attributed to a few reasons. Firstly, non-mandatory companies are using it to secure their supply chain. Secondly, consumers are becoming savvier about how their data is being stored by asking businesses to demonstrate their security practices. Similarly, businesses want to independently prove to their clients they are taking the security of their data seriously in response to the 2020 increase in cyberattacks.

Historically, achieving Cyber Essentials Plus accreditation has been very expensive and somewhat unaffordable to small businesses, even if there is a desire to achieve it. This is largely due to the expensive fees for the independent IASME auditor required to conduct the onsite survey. We have seen costs anywhere between £1,000 and £2,000 per day. Now consider the average completion time of between 1 and 3 days and you can see how quickly the costs ramp up.

Unfortunately, the difficulties do not stop there. Usually, the IASME auditor will not guarantee your pass once the audit is complete. The extent of their commitment is to factually compile the required information and report back to IASME. Should the report have flagged up any areas which are deemed to be uncompliant, the first time you will hear of it is when IASME are advising the areas that need remediating. The two main issues here are that you will only have one more opportunity to submit the report before it is a hard failure. The second, you will need to pay for the IASME auditor to return and complete the survey again as this ‘re-scan’ will likely not be included in their costs.

CyberSmart however, have created a completely different service, it is this service that has made them market leaders in delivering Cyber Essentials Plus accreditations. CyberSmart employ their own IASME accredited auditors to conduct the required surveys, meaning there are no expensive consultancy fees and much like Cyber Essentials they can guarantee your pass, and guarantee that your costs will be fixed. Further to all of this, they achieve this via a 100% remote method.

Mark Stuart-Buddery is our in-house CyberSmart specialist and is on hand to walk you through achieving Cyber Essentials Plus for you and your clients.

About the author

Chris Speight: