Cyber Essentials - NEWSFLASH
HM Government has announced the mandating of the recently launched Cyber Essentials standard for new Government contracts where any of the following criteria is met: -
i) Where personal information of citizens, such as home addresses, bank details, or payment information is handled by a supplier.
ii) Where personal information of Government employees, Ministers and Special Advisors such as payroll, travel booking or expenses information is handled by a supplier.
iii) Where ICT systems and services are supplied which are designed to store, or process, data at the OFFICIAL level of the Government Protective Marking scheme.
The announcement was made by Cabinet Office minister Francis Maude saying “It is vital that we take steps to reduce the levels of cyber security risk in our supply chain,”
“Cyber Essentials provides a cost-effective foundation of basic measures that can defend against the increasing threat of cyber attack.”
Maude said CES enables businesses to demonstrate they take the issue seriously and have met government requirements to respond to the threat.
He said gaining this kind of accreditation will demonstrate to non-government customers that a business has a clear stance on cyber security.
“Cyber Essentials is a single, government- and industry-endorsed cyber-security certification. It is accessible for businesses of all sizes and sectors to adopt, and I encourage them to do so,” he said.
Government says CES is gathering pace, with insurance firms such as AIG offering incentives to businesses to become certified. Larger organisations, such as Hewlett-Packard (HP), have begun to demand it from their own supply chains.
“Cyber Essentials helps keep businesses safe online, which is why HP has been an active supporter of the scheme from its initial concept,” said Stuart Bladen, regional vice-president and general manager, UK public sector, HP enterprise services.
“Our extended supply chain of differing business types, including a large SME community, can get affordable cyber security assurance to protect their own and HP intellectual property and information, and that of customers.
“For this reason HP UK Public Sector has written to its entire supply chain explaining the merits of the certification and notifying our intention to require them to adopt this scheme.”
Other early adopters of the CES include BAE Systems, Barclays, Vodafone and the Confederation of British Industry (CBI), as well as small businesses like Databarracks, Nexor, Tier 3 and Skyscape.
The full text of Procurement Policy Notice can be found at https://www.gov.uk/government/publications/procurement-policy-note-0914-cyber-essentials-scheme-certification
For more information about how Yellowspring can guide you and your business, and possibly your clients, towards attaining the Cyber Essentials or Cyber Essentials Plus standards, please contact Maria West on 01268 494101 or email firstname.lastname@example.org