Cyber Essentials is a government-backed scheme to help protect against cyber-attacks. It gives assurance to customers and suppliers and it is required for public sector tenders. For many organisations, it can be seen as a solid step forwards in understanding and dealing with current security weaknesses.
Cyber Essentials covers five key control areas: Malware Protection, Secure Configuration, Patch Management, Boundary Firewalls and Internet Gateways, and Access Management. The current state is established, required remedial actions (if any) are identified, and certification can proceed when the assessment criteria are met, so that the self-assessment form can be completed and submitted. For added credibility and to meet more stringent requirements, Cyber Essentials Plus adds an audit by a Cyber Essentials Certification Body, following this process.
The IASME Consortium is the National Cyber Security Centre’s partner for the delivery of the Cyber Essentials scheme. The IASME Governance certification is an option that adds controls over processes and people, as well as GDPR requirements, to the Cyber Essentials core. It can be self-assessed, or audited. In some cases this can be viewed as a more affordable alternative to ISO 27001, depending on the requirements.
Official Cyber Essentials certificates are issued and entries are made in the certificate register. Certificates are valid for a year and need renewing annually.
How can Titan Help?
Depending on the scope, small and medium-size companies typically benefit from just 1 to 2.5 days of consulting from a specialist to achieve the certification, plus the certification fee itself. Support can be provided by telephone and email during the process. A pass-first time option (no retest fee) is available. Quotes are issued promptly after simple scoping. Urgent projects, for example to support a sales tender, can often be accommodated.
Titan will arrange the consulting service and certification within a service package. This package is sold via Titan’s reseller or MSP to the end-client, while the services themselves are provided directly by the service vendor to the end-client.
Contact us to find out how Titan can help your customers with Cyber Essentials, or to arrange a call and demo.
ISO/IEC 27001 is an internationally recognised standard which covers the implementation, maintenance and continuous improvement of an “ISMS” – Information Security Management System. The certification deals with policies, procedures, processes and systems. The certification may be required in order to meet customer or tender demands, or as a strategic step in a journey to improve information security to a new level.
Achieving ISO 27001 is a substantial undertaking that requires top-level sponsorship in the organisation and the participation of different areas of management. After initial certification, ongoing support and advice may be required in order to maintain compliance with the ISO 27001 requirements.
How can Titan Help?
Titan can arrange ISO 27001 as a fully managed service package which covers the whole process from inception to certification, as well as ongoing support after the certification. This package ensures access to the relevant expertise and helps to ensure the certification is not only achieved, but retained in the years to come.
The service package starts with a gap analysis which will highlight the areas that need attention in order to achieve certification. Then the bespoke Information Security Management System will be designed and implemented together with the client, taking into account the organisation’s policies and procedures. Documentation and support will be supplied. The next step will be the Stage 1 Audit by an external accredited body, which will validate documentation and processes. The services will be available to work with the end-client on any areas of improvement that may be identified. The Stage 2 Audit is then finally the process that decides the award of the ISO certification.
After certification, the service package can include regular audits against the ISO 27001 controls, as well as help with managing information security risks and continuous improvement.
This ISO 27001 fully managed service package, as well as day-rate consulting services and other options, are sold via Titan’s reseller or MSP to the end-client, while the services themselves are provided directly by the service vendor to the end-client.