Cyber Essentials – What’s changing in 2022
The Government approved Cyber Essentials scheme includes five technical controls that help protect organisations from many forms of cyber-attacks.
The scheme was introduced by the UK Government in 2014 as a way to help make the UK the safest place to do business. On January 24th 2022, some of the technical control requirements will change in line with recommended security updates. The evolution of Cyber Essentials allows UK businesses to continue raising the bar for their cyber security.
A team of industry experts review the scheme at regular intervals to ensure it stays effective in the ever-evolving threat landscape, and a big update is coming in January 2022!
What are the changes?
The first significant change will be the inclusion of cloud-based services. These services, such as Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS), will now be included in the assessment scope, in addition to updated requirements regarding security, remote working, password management, multi-factor authentication and more. The changes reflect the evolution of the cyber security landscape and better align Cyber Essentials with other government-backed initiations and guidance, such as Cyber Aware.
How will these changes impact my organisation (or my MSP Clients)?
Any organisations that start the application process before January 24th will continue using the current set of controls and have 6 months to complete the assessment.
Any organisations starting their application on or after January 24th will be assessed against the new technical standards; however, there will be a 12 month grace period for specific requirements to recognise the extra efforts.
For further information on these changes, please see the below resources provided by the NCSC, including FAQs and the updated requirements:
That’s it!
We are an accredited Cyber Essentials and Cyber Essentials Plus Certification Body and look forward to helping our Clients and MSP Partners get certified in 2022!
For more information please contact us on 0161 706 0244 or email info@cybersecurityspecialists.co.uk to speak with a member of the team.