CREST Cyber Essentials testing
The Cyber Essentials Scheme
CREST recognises Pen Test Partners as a Cyber Essentials certifier; something we’re very pleased about.
By working with us you can achieve Cyber Essentials scheme status with a minimum of fuss and bother. We walk you through the process, to help make sure that you meet the requirements, and then some, without leaning on you to buy things from us that you don’t need.
Reducing cyber risk has always been our goal for our clients, so the UK Government’s commitment to formalising this for a wider audience is a welcome initiative.
By certifying your business in this way you can demonstrably show a very specific level of care to your clients and suppliers, as well as transparency to your insurers, your industry, and regulatory bodies.
Currently any supplier who wants to bid for certain Central Government contracts has to be Cyber Essentials certified, you can find the details here.
The Cyber Essentials scheme has two levels:
(Stage 1) Cyber Essentials
This is a self-assessment activity, first you complete the mandated questionnaire which helps you describe your security controls, and Internet facing infrastructure. We then check this to ensure that all the relevant information is present and we may ask you to provide your internal security policy documentation. Once this is signed-off by your CEO, and we have approval, we scan your externally facing network and infrastructure devices.
Once we have the scan results, both this and the questionnaire are scored accordingly. We then produce a report with a pass (and the certificate) or a fail (with appropriate remediation activities).
It’s very, very straightforward and quite simple, with our help.
(Stage 2) Cyber Essentials PLUS
If you’re thinking about Stage 2 we don’t need to reiterate the benefits; reduced commercial friction. It just makes sense.
Contrary to popular myth Cyber Essentials PLUS is really not that complex to get to grips with. To be eligible for Cyber Essentials PLUS certification you just need to step-up your assurance to hardening your organisation and locking down your commercial assets.
We can help you demonstrate that you have a serious commitment to going a stage further. By being an organisation that looks at the security of workstations and servers, and can show that you have thought about different attack vectors (and how to mitigate the risk from them), you can be eligible for certification.
Contact us, we’ll get back to you.