All change for the government's security certification programme.
Earlier this year, the NCSC (National Cyber Security Centre) announced that changes were coming to the Cyber Essentials scheme, one of which would be to reduce the number of accreditation bodies, from five down to one. The result of the competition has now been revealed, with the IASME Consortium set to take charge of Cyber Essentials from 1st April 2020.
“We are extremely excited about the prospect of working in partnership with the NCSC to develop and grow the Cyber Essentials scheme," said IASME chief executive Dr Emma Philpott, MBE. "We have seen such a positive effect already over the last 5 years where Cyber Essentials has increased the basic levels of security across all sectors. We are so pleased that we can be part of the future developments, working closely with the excellent Certification Bodies, trade bodies, police and other key stakeholders, to ensure further growth of the scheme.”
As you may know, TMB Group is a registered certification body with IASME, so we're familiar with its way of working. One of the things that sets it apart, for example, is automatic cyber liability insurance with every Cyber Essentials certification. It also offers IASME Governance, an affordable alternative to security standards like ISO27001, and GDPR Readiness tests.
It's not clear how much of this will remain after 1st April, because there's a lot to be decided and planned out between now and then. This is what we know for sure:
- IASME has won a five-year contract to deliver Cyber Essentials.
- Cyber Essentials certificates will now expire after one year.
- There will be a minimum criteria for certification bodies and assessors.
The aim is to make Cyber Essentials easier to understand, while also streamlining the certification process to make it faster and more efficient.
In the meantime, while the details are thrashed out, it’s business as usual. The existing five accreditation bodies will continue to work with their current certification bodies, right up to March 2020. Therefore, there is no need to hold off on getting your Cyber Essentials certificate if you thinking of getting one.