From 1st October 2014, all companies bidding for Central Government Contracts must have achieved the basic certification of the Cyber Essentials Scheme.
It appears central Government is… erm… “firmly encouraging” other public body procurement departments to seek the cyber essentials mark as a minimum requirement for contracts that involve ICT or personal info.
Conclusion: if not required on your LA contract yet, it will be soon.
Yesterday a colleague sent me these links.
This is a link to a Summary booklet – the FAQs at the back are interesting.
I spent a jolly evening genning up on the documentation and making a list of my customers that I reckon this will impact.
The good news is this is easily the most accessible IT security document I've seen come out of Government. The bad news, parts of this have already come into effect.
I have walked through the anonymous, quick test provided on the website. So far I don't see anything scary in the questions, but then I'm familiar with how we encourage our customers to operate. It's gratifying to be able to tick so many boxes confidently.
I wonder how many other small businesses will manage. Could they achieve the Mark with as relative ease? Do they have key policies in place are they enforced.
We’re running a Business Briefing called 'The Truth about Business Security in the Cloud' on Thursday 26th February 2015. We are delighted that Alex Bayley from Gotham Digital Science (an old colleague of Symon’s) is taking part on our expert panel. Alex's firm is a certification company for the Cyber Essentials Scheme.
The Government booklet suggests the mark will help promote trust with customers, helping them to identify businesses that have made a commitment to securing their information so even if government contracts are not your bag, it may prove a commercial advantage.
There are more details on our website: https://www.symcar.com/security-briefing.