Cyber Essentials - Self Assessed

This is actually not the first, but the second step.

There are good and bad elements to becoming 'Self Assessed'.

Here's the good news.  Self Assessment is absolutely free!  Download the questionnaire, use it as a guide to improve your organisation's Cyber Security, and protect what's valuable.  Job done.

But.  Here's the bad news. 

There's a very good chance that you will lack the motivation to carry it through, have the right ICT skills, and most importantly, the background education to understand 'why' you need to take these steps.  Maybe time is a consideration - you just don't have any spare.

And because it's free - and let me assure you it's given with the very best of intentions - you won't see its high value.  Things worth having etc...

Third point - and most importantly - Cyber Essentials will improve your standards of security.  But there's nothing to prove to your customers, no reward, nothing to shout about.  There's no Certificate.

Self Assessment is a great thing to do.  It's a step in the right direction.  Do it.

But for the work and effort that you'll have invested, it may be more sensible to step up to Certification.

Certification is similar to Self Assessment because a Firewall is a Firewall, right?

No it isn't - we've got work to do.

The processes are very different.  Simple in its application, with the same set of security controls, yet the advantages of Certification are immense.

Preparation is the key here - read through the questionnaire, login to our Cyber Essentials portal, and fill out the questionnaire online.

Certification  gives you peace of mind.   Your defences will protect against the vast majority of cyber attacks simply because cyber criminals are looking for targets who do not have the basic technical  controls in place.  Being vulnerable to low-level cyber attacks mark you out as an easy target for more  in-depth and unwanted attacks from cyber criminals.

The process of obtaining Cyber Essentials  Certification is simple and achievable.  And it only costs £300 plus VAT.  Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.  When assessed, it becomes a simple pass or fail.

What if I fail?  We advise where you need to improve; what you've got wrong, and what you need to do about it.  You make the changes, resubmit and we mark your submission again.

What if I pass?   You'll be notified as soon as we're happy that you've complied with the standard.  Your organisation will be awarded the certificate of compliance and your company will be registerd with the NCSC and IASME.

You've made the grade.

Depending on what business you're in, you may not have the ICT training and skills to successfully implement the five technical controls and complete the certification process.

It may be dragging you away from your real business, and you don't have the time to spare.

Maybe you need to employ the services of an expert.  A specialist in Cyber Security.

Small and medium sized businesses think in 'day rates', and 'per hour', and our is £450 per day, plus reasonable disbursements, plus VAT.

When preparing for Cyber Essentials, experience has taught us that it is better to approach it as a project.  Why?  Because it doesn't happen in three straight days.

Projects are calculated on our standard daily rate.  We expect the client to cover reasonable disbursements - transport costs, over night accomodation etc.  But we don't expect you to pay for our general administration, telephone calls or our lunch.

Archie Consulting is the Certifying Body.  We certify submissions on behalf of IASME.  So by employing us, we can prepare you to pass.  And we can guarantee that you'll pass with flying colours.

Compared to Cyber Essentials, IASME Governance is a much longer step.  

In fact, Governance is your first step.

It is a comprehensive structure that attends to all your Information Assurance and Security issues.  Implementing a password policy is relatively easy but the planning, administration, organisation and management of, and compliance to, such a thing needs to controlled by some form of internal regulation.  So even though Governance is your last certificate, it’s where your work starts.

It is designed to be