26.09.14
Cyber security compliance required for government suppliers
From 1 October 2014, suppliers will be required to comply with the new Cyber Essentials controls if bidding on government contracts that involve handling sensitive and personal information.
The scheme, which was launched in June, is the first recognised cyber security assurance certification suitable for all business to adopt. Among the first businesses to apply for an award were BAE Systems, Barclays and Hewlett-Packard. It has also been taken up by small businesses such as Nexor and Tier 3, along with the University of Derby and Institute of Chartered Accountants in England and Wales
Cyber Essentials was developed by government, in consultation with industry. It offers a foundation of basic cyber hygiene measures which can significantly reduce a company’s vulnerability. The government says that the scheme’s set of five critical controls is applicable to all types of organisations, of all sizes, giving protection from the most prevalent forms of threat coming from the internet.
Cabinet minister Francis Maude MP said: “It’s vital that we take steps to reduce the levels of cyber security risk in our supply chain. Cyber Essentials provides a cost-effective foundation of basic measures that can defend against the increasing threat of cyber attack. Businesses can demonstrate that they take this issue seriously and that they have met government requirements to respond to the threat. Gaining this kind of accreditation will also demonstrate to non-government customers a business’s clear stance on cyber security.
“Cyber Essentials is a single, government and industry endorsed cyber security certification. It is accessible for businesses of all sizes and sectors to adopt, and I encourage them to do so.”
Insurance firms, such as AIG, are now offering companies incentives to become certified and HP are also starting to require certification in its supply chain.
Stuart Bladen, regional vice president and general manager of the UK public sector for HP Enterprise Services, said: “Cyber Essentials helps keep businesses safe online, which is why HP has been an active supporter of the scheme from its initial concept. Our extended supply chain of differing business types, including a large SME community, can get affordable cyber security assurance to protect their own and HP intellectual property and information, and that of customers.
“For this reason HP UK public sector has written to its entire supply chain explaining the merits of the certification and notifying our intention to require them to adopt this scheme.”
There are two levels of assurance available, Cyber Essentials and Cyber Essentials Plus. Organisations assessed as successful in meeting the scheme’s requirements are awarded a certificate and are able to display the appropriate Cyber Essentials or Cyber Essentials Plus badge on their marketing material.
Tell us what you think – have your say below or email [email protected]