Embarking on certification to Cyber Essentials and ISO 27001
Cyber Essentials is a UK government assurance scheme that sets out five technical cybersecurity controls that any organization can implement to achieve a baseline of cybersecurity. Organizations that implement the five controls, even without certification, can prevent around 80% of cyber attacks.
ISO/IEC 27001:2013 is the international standard that provides the specification for an ISMS (information security management system) – a systematic approach to managing information security risk.
ISO 27001 goes considerably further than Cyber Essentials, providing 114 security controls that encompass people, processes and technology. Although Cyber Essentials and ISO 27001 serve different needs, the two should be seen as complementary rather than competing.
Any US organizations that have put the Cyber Essentials scheme’s five controls in place (even without certification) should look to ISO 27001 to improve the maturity of their security practices and to protect information in all formats across a wider scope.
Optimal approach to implementation
If you are new to the world of ISO 27001, certifying to both the Standard and Cyber Essentials at the same time is more resource- and time-efficient.
IT Governance can help you achieve this with an integrated approach. However, depending on your current resources, time commitment and budget, you may wish to start with certification to Cyber Essentials. This will give you an introduction to the world of certification and information security.
When you are ready to take the next step of implementing a robust ISMS, you will be well positioned to continue to ISO 27001 certification.
Secure your organization with Cyber Essentials
With IT Governance, you can complete the entire certification process quickly and easily using our online portal for as little as £300.