The certification is reassurance for our clients, stakeholders, and staff that the business has effective cyber security measures in place and provides assurance that protecting their data is a top priority. In today’s current climate, this is more important than ever!
With Cyber Essentials Plus certification we:
- Gain a basic level of security to protect us against common cyber-attacks
- Take a pragmatic first step to continual cyber security
- Public listing on the NCSC and IASME Corporation directories of organisations awarded Cyber Essentials Plus certification
- Help comply with ISO 27001 and implement ISO 27002 controls
- Reassure our clients, stakeholders, and staff that the business takes security seriously
What is Cyber Essentials?
Cyber Essentials is an effective, Government-backed scheme that will help to protect your organisation, whatever its size, against the most common cyber-attacks. The scheme is managed by the National Cyber Security Centre (NCSC), which is part of Government Communications Head Quarters (GCHQ).
The framework consists of five technical cyber security controls:
- Secure configuration
- Access control
- Malware protection
- Patch management
- Boundary firewalls and internet gateways
What is the difference between Cyber Essentials and Cyber Essentials Plus?
Cyber Essentials allows you to assess your own security against cyberthreats and learn what you can do to prevent them. To gain the certification, organisations are required to complete a Self-Assessment Questionnaire (SAQ).
Cyber Essentials Plus
Cyber Essentials Plus is a higher level of validation, as it requires official verification via audit of the systems and controls in place by a qualified and approved IASME certification partner.
- A technical audit of your systems and controls
- Internal assessment
- External vulnerability assessment
- Must be completed within 3 months of passing the basic certification
What are the benefits?
The main reason to gain Cyber Essentials Plus certification is to get a clear picture of the cyber threats your business is facing, and how to protect against them. Just by having Cyber Essentials Plus, you make your business a less attractive target for cyber criminals!
Certified companies are more likely than their non-certified counterparts to be:
- Aware of the risks posed by cyber-attacks (including at a senior level)
- Confident that they are protected from these attacks
- Implementing cyber security controls, including taking steps beyond the technical controls required to become certified
- Positive about the scheme, particularly its impact on customer and investor confidence
Beyond Cyber Essential Plus…
Cyber Essentials Plus is a point-in-time technical certification, so it is vital to continuously maintain broader controls to remain secure.
For us to demonstrate the importance of Orbital’s current and future commitment to cyber security, and for our security to be maintained to the highest standard, we have ensured the business has the following in place:
- Strong and effective in-house security leadership
- Partnerships with industry leading security solution providers
- Regular internal and external security audits and assessments
- Continuous awareness training to mould a security-conscious culture
- Approved and tested Business Continuity Plans (BCP)
- Robust and effective incident response plans
- Disaster Recovery (DR) in place for digital asset private keys
- Secure development life cycle (SDLC) management
- ISO27001 compliance for effective governance of Information Security
- Cyber liability insurance cover
- Achieved an A rating on Security Scorecard for cyber risk monitoring
- National Cyber Security Centre (NCSC) CiSP member
Once again, we are proud of the great effort from the Orbital team, and thanks to 2|SEC Consulting and The IASME Consortium for assisting during this process. This is just the first step in the business’s security certification journey!
For more information on the Cyber Essentials Scheme, please visit the following resources:
You can view our certification here: