The Cyber Essentials PLUS certification is the next step in the government backed, industry-supported Cyber Essentials scheme.
This second stage of the Cyber Essentials scheme builds on your existing knowledge by stress testing your business’ current technologies; focusing on technical solutions rather than policies, this accreditation investigates the fragility of your IT system.
By carrying out stage two of the cyber essentials scheme, you will not only be demonstrating your commitment to data security, you will also improve your chances of winning business with larger organisations, government authorities and public services.
What are the requirements?
You will need to complete your Cyber Essentials PLUS audit within 3 months of your last Cyber Essentials basic certification. Alternatively, you can complete an online assessment as part of the Cyber Essentials PLUS certification.
Why work with Stripe OLT?
- Unlike the first stage of the Cyber Essentials accreditation, which focus’ on internal policies, this is a comprehensive series of technical tests that are conducted by our consultants to verify existing security controls in place. That’s why the support of an experienced team, like Stripe OLT, is essential in ensuring you pass this certification.
- The work we do is recognised by the UK government. We deliver Cyber Essentials consultancy to businesses all over the UK, providing the guidance and support needed to successfully achieve the accreditation.
- We use cutting edge Microsoft technology, alongside our own in-house solutions to get your security infrastructure up to scratch. These solutions are in line with those recommended by IASME and other Information Security standards, such as ISO 27001.
- We have an extremely very high success rate. We’ve already helped a large number of organisations, ranging from SME’s to national corporates, so understand how cyber security requirements differ. No matter what size or industry, we have the collaborative experience to support your business and it’s individual requirements.
So, how do we do this?
First we consolidate. We will ask you a specific set of questions that allow us to gain an understanding into how your network and business systems function. From this, we’ll create a list of actions that will need to be performed prior to system testing.
Next we carry out an External Vulnerability Scan – Our security experts will scan your external infrastructure for vulnerabilities and try to identify holes in your public facing network infrastructure. If your website has a login function, for example, we will test a list of common credentials to ensure they are not valid. Our objective here is to discover where malicious outsiders could potentially break in and attack your network.
Stage three is to carry out an Internal Vulnerability Scan – Our security consultants will work on-site to perform the internal vulnerability assessment. This type of assessment evaluates your IT security from within the network perimeters. Essentially, we will be looking vulnerable out of date systems and ways in which users located inside the company could exploit your network or accidentally leak data assets.
Then we provide solutions – During the vulnerability assessment, any risks we’ve discovered to be deemed a high risk and would result in failure, will be raised and follow up actions will be provided.
Post testing, we will provide a submission report –We will prepare the submission report for the Cyber Essentials Plus certification. When all parties are happy, we will submit on your behalf.
Finally we’ll look at the Results – Once you’ve become certified, we will provide you with a list of further recommended remedial work, prior to testing for re-certification the following year.