Cyber Essentials 2022 Updates
Since 2014, the Cyber Essentials scheme has been helping organisations safeguard their systems and employees against the most common types of cyber-attack.
Primarily accelerated by the widespread adoption of cloud services, digital transformation and hybrid working, the landscape in which we now operate has changed dramatically since the scheme’s launch seven years ago. As such, the NCSC and IASME have decided it’s time to implement an updated version of the Cyber Essentials Basic questionnaire to reflect these changes and remain relevant in today’s increasingly complex digital environment. The revised requirements will be called ‘Evendine’ and will come into effect on January 24th 2022.
In line with these updated technical controls, Cyber Essentials will also adopt a new tiered pricing structure, aiming to better reflect the complexity and time involved in assessing larger organisations. This is a change that all Certification Bodies will be implementing, and you can find more information on the industry-wide price change here.
So, what changes shall we expect from Cyber Essentials?
The first significant change will be the inclusion of cloud-based services. These services, such as Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS), will now be included in the assessment scope, in addition to updated requirements regarding security, remote working, password management, multi-factor authentication and more. The changes reflect the evolution of the cyber security landscape and better align Cyber Essentials with other government-backed initiations and guidance, such as Cyber Aware.
How will these changes impact my organisation?
Any organisations that start the application process before January 24th will continue using the current set of controls and have 6 months to complete the assessment.
Any organisations starting their application on or after January 24th will be assessed against the new technical standards; however, there will be a 12 month grace period for specific requirements to recognise the extra efforts.
For further information on these changes, please see the below resources provided by the NCSC, including FAQs and the updated requirements:
How can Stripe OLT help?
Our experts have already delivered Cyber Essentials consultancy to businesses throughout the UK, providing them with the guidance and support they need to achieve security accreditation successfully.