A side effect of the GDPR changes is that most companies have prioritised data security. Many larger firms have decided that they need to have confidence in their supply chain which is often smaller firms. As a result, some companies are being told, if they don’t have Cyber Essentials or Cyber Essentials Plus certification, they won’t be considered for new contracts. This even includes companies with long-standing business relationships.
The difference between the two certifications is Cyber Essentials is mostly self-certification but might include an external network scan, and Cyber Essentials Plus is verified by a Certification body and will include internal and external network scans. Cyber Essentials Plus means paying a day rate for the auditor who will attend your premises, and that is likely to cost circa £1500, but this will vary by Certification body and possibly by physical location due to consultant costs. Each business will have to evaluate what level of certification is required. Cyber Essentials will be considerably easier to obtain, cheaper and let disruptive.
Another potential benefit is having security certification might reduce insurance costs or even the being able to get insurance against cyber risks.
Many small businesses will already have many of the requirements in place but will fall short in various details. These will need addressing before applying. This work will usually have a cost.
Atomik.biz can help you through the process and ensure compliance and deal with all the paperwork.
For More Information
Please use the Contact us page or call us on 01525540041 or 02033271747